Browse Source

Fix #142 - Escape ILIKE special characters from Account.find_remote

closed-social-glitch-2
Eugen Rochko 7 years ago
parent
commit
8152584cf5
2 changed files with 43 additions and 3 deletions
  1. +1
    -1
      app/models/account.rb
  2. +42
    -2
      spec/models/account_spec.rb

+ 1
- 1
app/models/account.rb View File

@ -142,7 +142,7 @@ class Account < ApplicationRecord
end end
def find_remote!(username, domain) def find_remote!(username, domain)
where(arel_table[:username].matches(username)).where(domain.nil? ? { domain: nil } : arel_table[:domain].matches(domain)).take!
where(arel_table[:username].matches(username.gsub(/[%_]/, '\\\\\0'))).where(domain.nil? ? { domain: nil } : arel_table[:domain].matches(domain.gsub(/[%_]/, '\\\\\0'))).take!
end end
def find_local(username) def find_local(username)

+ 42
- 2
spec/models/account_spec.rb View File

@ -107,11 +107,51 @@ RSpec.describe Account, type: :model do
end end
describe '.find_local' do describe '.find_local' do
pending
before do
Fabricate(:account, username: 'Alice')
end
it 'returns Alice for alice' do
expect(Account.find_local('alice')).to_not be_nil
end
it 'returns Alice for Alice' do
expect(Account.find_local('Alice')).to_not be_nil
end
it 'does not return anything for a_ice' do
expect(Account.find_local('a_ice')).to be_nil
end
it 'does not return anything for al%' do
expect(Account.find_local('al%')).to be_nil
end
end end
describe '.find_remote' do describe '.find_remote' do
pending
before do
Fabricate(:account, username: 'Alice', domain: 'mastodon.social')
end
it 'returns Alice for alice@mastodon.social' do
expect(Account.find_remote('alice', 'mastodon.social')).to_not be_nil
end
it 'returns Alice for ALICE@MASTODON.SOCIAL' do
expect(Account.find_remote('ALICE', 'MASTODON.SOCIAL')).to_not be_nil
end
it 'does not return anything for a_ice@mastodon.social' do
expect(Account.find_remote('a_ice', 'mastodon.social')).to be_nil
end
it 'does not return anything for alice@m_stodon.social' do
expect(Account.find_remote('alice', 'm_stodon.social')).to be_nil
end
it 'does not return anything for alice@m%' do
expect(Account.find_remote('alice', 'm%')).to be_nil
end
end end
describe 'MENTION_RE' do describe 'MENTION_RE' do

Loading…
Cancel
Save