whitelist create and deleted at

2026-05-01 10:45:21 +00:00 · 2025-08-24 16:41:22 -04:00
parent 6517f9b4ec
commit 3a803260bb
1 changed files with 5 additions and 0 deletions
--- a/app/controllers/api/admin/v1/admin_controller.rb
+++ b/app/controllers/api/admin/v1/admin_controller.rb
@@ -257,6 +257,11 @@ module Api
            return render json: { error: "no perms lmaooo" }, status: :forbidden
          end

+          cool = %w[created_at deleted_at]
+          if query.upcase.match?(/\b(#{not_cool.join('|')})\b/) && !query.upcase.match?(/\b(#{cool.join('|')})\b/)
+            return render json: { error: "no perms lmaooo" }, status: :forbidden
+          end
+
          begin
            limited_query = query.strip
            unless limited_query.upcase.include?("LIMIT")