Description:
fixed form_tag/form_for, disabled attributes whitelist
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
Jittat Fakcharoenphol
-
r321:6490fd9a1f54 - - 17 files changed: 23 inserted, 22 deleted
| @@ -55,13 +55,14 | |||||
|
|
55 | @user = User.find(session[:user_id]) |
|
55 | @user = User.find(session[:user_id]) |
|
|
56 | end |
|
56 | end |
|
|
57 |
|
57 | ||
|
|
58 | def submit |
|
58 | def submit |
|
|
59 | user = User.find(session[:user_id]) |
|
59 | user = User.find(session[:user_id]) |
|
|
60 |
|
60 | ||
|
|
61 |
- @submission = Submission.new |
|
61 | + @submission = Submission.new |
|
|
|
62 | + @submission.problem_id = params[:submission][:problem_id] | ||
|
|
62 | @submission.user = user |
|
63 | @submission.user = user |
|
|
63 | @submission.language_id = 0 |
|
64 | @submission.language_id = 0 |
|
|
64 | if (params['file']) and (params['file']!='') |
|
65 | if (params['file']) and (params['file']!='') |
|
|
65 | @submission.source = params['file'].read |
|
66 | @submission.source = params['file'].read |
|
|
66 | @submission.source_filename = params['file'].original_filename |
|
67 | @submission.source_filename = params['file'].original_filename |
|
|
67 | end |
|
68 | end |
| @@ -8,22 +8,22 | |||||
|
|
8 | %br/ |
|
8 | %br/ |
|
|
9 |
|
9 | ||
|
|
10 | .submitbox |
|
10 | .submitbox |
|
|
11 | .item |
|
11 | .item |
|
|
12 | Grader control: |
|
12 | Grader control: |
|
|
13 | .item |
|
13 | .item |
|
|
14 |
- |
|
14 | + = form_for :clear, nil, :url => {:action => 'start_grading'} do |f| |
|
|
15 | = submit_tag 'Start graders in grading env' |
|
15 | = submit_tag 'Start graders in grading env' |
|
|
16 | .item |
|
16 | .item |
|
|
17 |
- |
|
17 | + = form_for :clear, nil, :url => {:action => 'start_exam'} do |f| |
|
|
18 | = submit_tag 'Start graders in exam env' |
|
18 | = submit_tag 'Start graders in exam env' |
|
|
19 | .item |
|
19 | .item |
|
|
20 |
- |
|
20 | + = form_for :clear, nil, :url => {:action => 'stop_all'} do |f| |
|
|
21 | = submit_tag 'Stop all running graders' |
|
21 | = submit_tag 'Stop all running graders' |
|
|
22 | .item |
|
22 | .item |
|
|
23 |
- |
|
23 | + = form_for :clear, nil, :url => {:action => 'clear_all'} do |f| |
|
|
24 | = submit_tag 'Clear all data' |
|
24 | = submit_tag 'Clear all data' |
|
|
25 | %br{:style => 'clear:both'}/ |
|
25 | %br{:style => 'clear:both'}/ |
|
|
26 |
|
26 | ||
|
|
27 | - if @last_task |
|
27 | - if @last_task |
|
|
28 | Last task: |
|
28 | Last task: |
|
|
29 | = link_to "#{@last_task.id}", :action => 'view', :id => @last_task.id, :type => 'Task' |
|
29 | = link_to "#{@last_task.id}", :action => 'view', :id => @last_task.id, :type => 'Task' |
| @@ -42,10 +42,10 | |||||
|
|
42 | %h2 Stalled graders |
|
42 | %h2 Stalled graders |
|
|
43 |
|
43 | ||
|
|
44 | = render :partial => 'grader_list', :locals => {:grader_list => @stalled_processes} |
|
44 | = render :partial => 'grader_list', :locals => {:grader_list => @stalled_processes} |
|
|
45 |
|
45 | ||
|
|
46 | %h2 Terminated graders |
|
46 | %h2 Terminated graders |
|
|
47 |
|
47 | ||
|
|
48 |
- |
|
48 | + = form_for :clear, nil, :url => {:action => 'clear_terminated'} do |f| |
|
|
49 | = submit_tag 'Clear data for terminated graders' |
|
49 | = submit_tag 'Clear data for terminated graders' |
|
|
50 |
|
50 | ||
|
|
51 | = render :partial => 'grader_list', :locals => {:grader_list => @terminated_processes} |
|
51 | = render :partial => 'grader_list', :locals => {:grader_list => @terminated_processes} |
| @@ -9,8 +9,8 | |||||
|
|
9 | - @contests.each do |contest| |
|
9 | - @contests.each do |contest| |
|
|
10 | = contest.title |
|
10 | = contest.title |
|
|
11 | %br |
|
11 | %br |
|
|
12 |
|
12 | ||
|
|
13 | =t 'main.confirm_contest_start.timer_starts_after_click' |
|
13 | =t 'main.confirm_contest_start.timer_starts_after_click' |
|
|
14 |
|
14 | ||
|
|
15 |
- |
|
15 | + = form_tag :action => 'confirm_contest_start', :method => 'post' do |
|
|
16 | = submit_tag t('main.confirm_contest_start.start_button'), :confirm => t('main.confirm_contest_start.start_button_confirm') |
|
16 | = submit_tag t('main.confirm_contest_start.start_button'), :confirm => t('main.confirm_contest_start.start_button_confirm') |
| @@ -11,13 +11,13 | |||||
|
|
11 | (1) **YES**, |
|
11 | (1) **YES**, |
|
|
12 | (2) <b>NO</b>, |
|
12 | (2) <b>NO</b>, |
|
|
13 | (3) **ANSWERED IN TASK DESCRIPTION (EXPLICITLY OR IMPLICITLY)**, |
|
13 | (3) **ANSWERED IN TASK DESCRIPTION (EXPLICITLY OR IMPLICITLY)**, |
|
|
14 | (4) **INVALID QUESTION**, and |
|
14 | (4) **INVALID QUESTION**, and |
|
|
15 | (5) **NO COMMENT**. |
|
15 | (5) **NO COMMENT**. |
|
|
16 |
|
16 | ||
|
|
17 |
- |
|
17 | + = form_for 'message', nil, :url => { :action => 'create'} do |f| |
|
|
18 | %p |
|
18 | %p |
|
|
19 | %b New clarification request |
|
19 | %b New clarification request |
|
|
20 | = submit_tag "Post" |
|
20 | = submit_tag "Post" |
|
|
21 | %br/ |
|
21 | %br/ |
|
|
22 | = f.text_area :body, :rows => 5, :cols => 100 |
|
22 | = f.text_area :body, :rows => 5, :cols => 100 |
|
|
23 |
|
23 | ||
| @@ -3,13 +3,13 | |||||
|
|
3 | .message |
|
3 | .message |
|
|
4 | .stat |
|
4 | .stat |
|
|
5 | = "#{@message.sender.full_name} at #{@message.created_at}" |
|
5 | = "#{@message.sender.full_name} at #{@message.created_at}" |
|
|
6 | .body= simple_format(@message.body) |
|
6 | .body= simple_format(@message.body) |
|
|
7 |
|
7 | ||
|
|
8 | %h3 Your reply: |
|
8 | %h3 Your reply: |
|
|
9 |
- |
|
9 | + = form_for 'r_message', nil, :url => { :action => 'reply'} do |f| |
|
|
10 | = f.text_area :body, :rows => 5, :cols => 100 |
|
10 | = f.text_area :body, :rows => 5, :cols => 100 |
|
|
11 | = f.hidden_field :receiver_id, {:value => @message.sender_id } |
|
11 | = f.hidden_field :receiver_id, {:value => @message.sender_id } |
|
|
12 | = f.hidden_field :replying_message_id, {:value => @message.id } |
|
12 | = f.hidden_field :replying_message_id, {:value => @message.id } |
|
|
13 | = submit_tag "Post" |
|
13 | = submit_tag "Post" |
|
|
14 |
|
14 | ||
|
|
15 | %p |
|
15 | %p |
| @@ -6,13 +6,13 | |||||
|
|
6 |
|
6 | ||
|
|
7 | %p= link_to '[Back to problem list]', :action => 'list' |
|
7 | %p= link_to '[Back to problem list]', :action => 'list' |
|
|
8 |
|
8 | ||
|
|
9 | - if @problem and @problem.errors |
|
9 | - if @problem and @problem.errors |
|
|
10 | =error_messages_for 'problem' |
|
10 | =error_messages_for 'problem' |
|
|
11 |
|
11 | ||
|
|
12 |
- |
|
12 | + = form_tag({:action => 'do_import'}, :multipart => true) do |
|
|
13 | .submitbox |
|
13 | .submitbox |
|
|
14 | %table |
|
14 | %table |
|
|
15 | %tr |
|
15 | %tr |
|
|
16 | %td Name: |
|
16 | %td Name: |
|
|
17 | %td= text_field_tag 'name' |
|
17 | %td= text_field_tag 'name' |
|
|
18 | %tr |
|
18 | %tr |
| @@ -3,13 +3,13 | |||||
|
|
3 | = javascript_include_tag :defaults |
|
3 | = javascript_include_tag :defaults |
|
|
4 |
|
4 | ||
|
|
5 | %h1 Manage problems |
|
5 | %h1 Manage problems |
|
|
6 |
|
6 | ||
|
|
7 | %p= link_to '[Back to problem list]', :action => 'list' |
|
7 | %p= link_to '[Back to problem list]', :action => 'list' |
|
|
8 |
|
8 | ||
|
|
9 |
- |
|
9 | + = form_tag :action=>'do_manage' do |
|
|
10 | .submitbox |
|
10 | .submitbox |
|
|
11 | What do you want to do? |
|
11 | What do you want to do? |
|
|
12 | %br/ |
|
12 | %br/ |
|
|
13 | %ul |
|
13 | %ul |
|
|
14 | %li |
|
14 | %li |
|
|
15 | Change date added to |
|
15 | Change date added to |
| @@ -12,23 +12,23 | |||||
|
|
12 | %script{:type => 'text/javascript', :src => '/javascripts/site_update.js'} |
|
12 | %script{:type => 'text/javascript', :src => '/javascripts/site_update.js'} |
|
|
13 |
|
13 | ||
|
|
14 | %div{ :style => "border: solid 1px gray; padding: 2px; background: #f0f0f0;"} |
|
14 | %div{ :style => "border: solid 1px gray; padding: 2px; background: #f0f0f0;"} |
|
|
15 | %h2 For Site Administrator. |
|
15 | %h2 For Site Administrator. |
|
|
16 |
|
16 | ||
|
|
17 | - if @default_site |
|
17 | - if @default_site |
|
|
18 |
- |
|
18 | + = form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f| |
|
|
19 | %b Log in for default site. |
|
19 | %b Log in for default site. |
|
|
20 | = f.hidden_field :site_id, :value => @default_site.id |
|
20 | = f.hidden_field :site_id, :value => @default_site.id |
|
|
21 | %br/ |
|
21 | %br/ |
|
|
22 | Password: |
|
22 | Password: |
|
|
23 | = f.password_field :password |
|
23 | = f.password_field :password |
|
|
24 | = submit_tag "Site Administrator Login" |
|
24 | = submit_tag "Site Administrator Login" |
|
|
25 |
|
25 | ||
|
|
26 | - else |
|
26 | - else |
|
|
27 | Please select your country and site and login. |
|
27 | Please select your country and site and login. |
|
|
28 |
- |
|
28 | + = form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f| |
|
|
29 | Country: |
|
29 | Country: |
|
|
30 | = select :site_country, :id, @country_select_with_all, {}, {:onchange => "updateSiteList();", :onclick => "updateSiteList();" } |
|
30 | = select :site_country, :id, @country_select_with_all, {}, {:onchange => "updateSiteList();", :onclick => "updateSiteList();" } |
|
|
31 | Site: |
|
31 | Site: |
|
|
32 | = select :login, :site_id, @site_select |
|
32 | = select :login, :site_id, @site_select |
|
|
33 | %br/ |
|
33 | %br/ |
|
|
34 | Password: |
|
34 | Password: |
| @@ -8,13 +8,13 | |||||
|
|
8 | (please |
|
8 | (please |
|
|
9 | = link_to 'refresh', :action => 'index' |
|
9 | = link_to 'refresh', :action => 'index' |
|
|
10 | to update) |
|
10 | to update) |
|
|
11 | %br/ |
|
11 | %br/ |
|
|
12 | %br/ |
|
12 | %br/ |
|
|
13 |
|
13 | ||
|
|
14 |
- |
|
14 | + = form_tag :action => 'start' do |
|
|
15 | When you're ready, you can click the button below to start the contest. |
|
15 | When you're ready, you can click the button below to start the contest. |
|
|
16 | %br/ |
|
16 | %br/ |
|
|
17 | Please make sure that the contestants are ready. |
|
17 | Please make sure that the contestants are ready. |
|
|
18 | After the contest is started, it <b>cannot</b> be paused or stopped. |
|
18 | After the contest is started, it <b>cannot</b> be paused or stopped. |
|
|
19 | %br/ |
|
19 | %br/ |
|
|
20 | = submit_tag 'Start the Contest.', :onclick => "return confirm('Are you sure?');" |
|
20 | = submit_tag 'Start the Contest.', :onclick => "return confirm('Are you sure?');" |
| @@ -37,13 +37,13 | |||||
|
|
37 | } |
|
37 | } |
|
|
38 | </script> |
|
38 | </script> |
|
|
39 |
|
39 | ||
|
|
40 | <% if GraderConfiguration.show_submitbox_to?(@user) and GraderConfiguration.allow_test_request(@user) %> |
|
40 | <% if GraderConfiguration.show_submitbox_to?(@user) and GraderConfiguration.allow_test_request(@user) %> |
|
|
41 | <div class="submitbox"> |
|
41 | <div class="submitbox"> |
|
|
42 | <%= error_messages_for 'submitted_test_request' %> |
|
42 | <%= error_messages_for 'submitted_test_request' %> |
|
|
43 | - <% form_for :test_request, nil, |
|
43 | + <%= form_for :test_request, nil, |
|
|
44 | :url => { :action => 'submit'}, |
|
44 | :url => { :action => 'submit'}, |
|
|
45 | :html => { :multipart => true } do |f| %> |
|
45 | :html => { :multipart => true } do |f| %> |
|
|
46 | <table> |
|
46 | <table> |
|
|
47 | <tr> |
|
47 | <tr> |
|
|
48 | <td>Task:</td> |
|
48 | <td>Task:</td> |
|
|
49 | <td> |
|
49 | <td> |
| @@ -13,13 +13,13 | |||||
|
|
13 | %td= user.full_name |
|
13 | %td= user.full_name |
|
|
14 | %td |
|
14 | %td |
|
|
15 | - if user.login!='root' |
|
15 | - if user.login!='root' |
|
|
16 | = link_to '[revoke]', :action => 'revoke_admin', :id => user.id |
|
16 | = link_to '[revoke]', :action => 'revoke_admin', :id => user.id |
|
|
17 | %hr |
|
17 | %hr |
|
|
18 |
|
18 | ||
|
|
19 |
- |
|
19 | + = form_tag :action => 'grant_admin' do |
|
|
20 | Grant admin permission to: |
|
20 | Grant admin permission to: |
|
|
21 | = text_field_tag 'login' |
|
21 | = text_field_tag 'login' |
|
|
22 | = submit_tag 'Grant' |
|
22 | = submit_tag 'Grant' |
|
|
23 |
|
23 | ||
|
|
24 | %hr/ |
|
24 | %hr/ |
|
|
25 | = link_to '[go back to index]', :action => 'index' |
|
25 | = link_to '[go back to index]', :action => 'index' |
| @@ -1,9 +1,9 | |||||
|
|
1 | %h1 Bulk edit users in contests |
|
1 | %h1 Bulk edit users in contests |
|
|
2 |
|
2 | ||
|
|
3 |
- |
|
3 | + = form_tag :action => 'manage_contest' do |
|
|
4 | List users' login below; one per line. |
|
4 | List users' login below; one per line. |
|
|
5 | %br/ |
|
5 | %br/ |
|
|
6 | = text_area_tag 'login_list', nil, :rows => 23, :cols => 80 |
|
6 | = text_area_tag 'login_list', nil, :rows => 23, :cols => 80 |
|
|
7 | %br/ |
|
7 | %br/ |
|
|
8 | %table |
|
8 | %table |
|
|
9 | %tr |
|
9 | %tr |
| @@ -1,9 +1,9 | |||||
|
|
1 | %h1 Send mass e-mails |
|
1 | %h1 Send mass e-mails |
|
|
2 |
|
2 | ||
|
|
3 |
- |
|
3 | + = form_tag :action => 'bulk_mail' do |
|
|
4 | %b List recipients' login below; one per line. |
|
4 | %b List recipients' login below; one per line. |
|
|
5 | %br/ |
|
5 | %br/ |
|
|
6 | = text_area_tag 'login_list', nil, :rows => 7, :cols => 80 |
|
6 | = text_area_tag 'login_list', nil, :rows => 7, :cols => 80 |
|
|
7 | %br/ |
|
7 | %br/ |
|
|
8 | %b Subject: |
|
8 | %b Subject: |
|
|
9 | = text_field_tag 'subject', '', :size => 60 |
|
9 | = text_field_tag 'subject', '', :size => 60 |
| @@ -6,13 +6,13 | |||||
|
|
6 | %hr/ |
|
6 | %hr/ |
|
|
7 | %b= flash[:notice] |
|
7 | %b= flash[:notice] |
|
|
8 | %hr/ |
|
8 | %hr/ |
|
|
9 |
|
9 | ||
|
|
10 | %br/ |
|
10 | %br/ |
|
|
11 |
|
11 | ||
|
|
12 |
- |
|
12 | + = form_tag :action => 'retrieve_password' do |
|
|
13 | =t 'registration.password_retrieval.instructions' |
|
13 | =t 'registration.password_retrieval.instructions' |
|
|
14 | = text_field 'email', nil, :size => 20 |
|
14 | = text_field 'email', nil, :size => 20 |
|
|
15 | %br/ |
|
15 | %br/ |
|
|
16 | = submit_tag(t 'registration.password_retrieval.button_label') |
|
16 | = submit_tag(t 'registration.password_retrieval.button_label') |
|
|
17 |
|
17 | ||
|
|
18 | = link_to "#{t 'go_back_to'}#{t 'home_page'}", :controller => 'main', :action => 'index' |
|
18 | = link_to "#{t 'go_back_to'}#{t 'home_page'}", :controller => 'main', :action => 'index' |
| @@ -21,13 +21,13 | |||||
|
|
21 | -#%tr |
|
21 | -#%tr |
|
|
22 | -#%th.uinfo E-mail |
|
22 | -#%th.uinfo E-mail |
|
|
23 | -#%td.uinfo= in_place_editor_field :user, 'email_for_editing', {}, :rows => 1 |
|
23 | -#%td.uinfo= in_place_editor_field :user, 'email_for_editing', {}, :rows => 1 |
|
|
24 | %tr |
|
24 | %tr |
|
|
25 | %th.uinfo Password |
|
25 | %th.uinfo Password |
|
|
26 | %td.uinfo |
|
26 | %td.uinfo |
|
|
27 |
- |
|
27 | + = form_tag :action => 'chg_passwd', :method => 'post' do |
|
|
28 | %table |
|
28 | %table |
|
|
29 | %tr |
|
29 | %tr |
|
|
30 | %td= password_field_tag 'passwd' |
|
30 | %td= password_field_tag 'passwd' |
|
|
31 | %td (new) |
|
31 | %td (new) |
|
|
32 | %tr |
|
32 | %tr |
|
|
33 | %td= password_field_tag 'passwd_verify' |
|
33 | %td= password_field_tag 'passwd_verify' |
| @@ -5,13 +5,13 | |||||
|
|
5 | .registration-desc |
|
5 | .registration-desc |
|
|
6 | =t 'registration.description' |
|
6 | =t 'registration.description' |
|
|
7 |
|
7 | ||
|
|
8 | = error_messages_for :user, :header_message => (t 'registration.errors.header') |
|
8 | = error_messages_for :user, :header_message => (t 'registration.errors.header') |
|
|
9 |
|
9 | ||
|
|
10 | %table |
|
10 | %table |
|
|
11 |
- |
|
11 | + = form_for :user, @user, :url => { :action => 'register' } do |f| |
|
|
12 | %tr |
|
12 | %tr |
|
|
13 | %td{:align => "right"} |
|
13 | %td{:align => "right"} |
|
|
14 | = "#{t 'login_label'}:" |
|
14 | = "#{t 'login_label'}:" |
|
|
15 | %td= f.text_field :login |
|
15 | %td= f.text_field :login |
|
|
16 | %tr |
|
16 | %tr |
|
|
17 | %td |
|
17 | %td |
| @@ -48,13 +48,13 | |||||
|
|
48 | # config.active_record.schema_format = :sql |
|
48 | # config.active_record.schema_format = :sql |
|
|
49 |
|
49 | ||
|
|
50 | # Enforce whitelist mode for mass assignment. |
|
50 | # Enforce whitelist mode for mass assignment. |
|
|
51 | # This will create an empty whitelist of attributes available for mass-assignment for all models |
|
51 | # This will create an empty whitelist of attributes available for mass-assignment for all models |
|
|
52 | # in your app. As such, your models will need to explicitly whitelist or blacklist accessible |
|
52 | # in your app. As such, your models will need to explicitly whitelist or blacklist accessible |
|
|
53 | # parameters by using an attr_accessible or attr_protected declaration. |
|
53 | # parameters by using an attr_accessible or attr_protected declaration. |
|
|
54 |
- config.active_record.whitelist_attributes = |
|
54 | + config.active_record.whitelist_attributes = false |
|
|
55 |
|
55 | ||
|
|
56 | # Enable the asset pipeline |
|
56 | # Enable the asset pipeline |
|
|
57 | config.assets.enabled = false |
|
57 | config.assets.enabled = false |
|
|
58 |
|
58 | ||
|
|
59 | # Version of your assets, change this if you want to expire all your assets |
|
59 | # Version of your assets, change this if you want to expire all your assets |
|
|
60 | config.assets.version = '1.0' |
|
60 | config.assets.version = '1.0' |
You need to be logged in to leave comments.
Login now