srizan/archived-hc-harbor
1
0
Fork 0
mirror of https://github.com/SrIzan10/hc-harbor.git synced 2026-05-01 10:45:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix broken validation

Browse Source
This commit is contained in:
Echo
2025-08-26 07:03:48 -04:00
parent c299e26e67
commit 84ac41ad7e
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/api/admin/v1/admin_controller.rb
View File

@@ -248,8 +248,11 @@ module Api
return render json: { error: "whatcha doin'?" }, status: :unprocessable_entity
end
cool = %w[created_at deleted_at]
not_cool = %w[INSERT UPDATE DELETE DROP CREATE ALTER TRUNCATE EXEC EXECUTE]
if not_cool.any? { |keyword| query.upcase.include?(keyword) }
if not_cool.any? { |keyword| query.upcase.include?(keyword) } &&
cool.none? { |field| query.upcase.include?(field.upcase) }
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
@@ -257,11 +260,6 @@ module Api
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
cool = %w[created_at deleted_at]
if query.upcase.match?(/\b(#{not_cool.join('|')})\b/) && !query.upcase.match?(/\b(#{cool.join('|')})\b/)
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
begin
limited_query = query.strip
unless limited_query.upcase.include?("LIMIT")