Description:
fixed form_tag/form_for, disabled attributes whitelist
r321:6490fd9a1f54 - - 17 files changed: 23 inserted, 22 deleted
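--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -49,25 +49,26 @@
 
 def list
 prepare_list_information
 end
 
 def help
 @user = User.find(session[:user_id])
 end
 
 def submit
 user = User.find(session[:user_id])
 
-@submission = Submission.new
+@submission = Submission.new
+@submission.problem_id = params[:submission][:problem_id]
 @submission.user = user
 @submission.language_id = 0
 if (params['file']) and (params['file']!='')
 @submission.source = params['file'].read
 @submission.source_filename = params['file'].original_filename
 end
 @submission.submitted_at = Time.new.gmtime
 
 if GraderConfiguration.time_limit_mode? and user.contest_finished?
 @submission.errors.add_to_base "The contest is over."
 prepare_list_information
 render :action => 'list' and return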
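Review bot: The new line `@submission.problem_id = params[:submission][:problem_id]` raises NoMethodError whenever the request carries no `submission` hash (a POST without the problem select, or a hand-built request), before the error handling further down can render the list. Read it defensively, e.g. `@submission.problem_id = (params[:submission] || {})[:problem_id]`, and let the model's validation report a missing problem. Nothing in this hunk checks that the chosen problem_id is one this user may submit to; if Submission does not validate that, it needs a check here, since the id is taken straight from the request. The submit action continues past the end of the hunk.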
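--- a/PATH-NOT-SHOWN-2
+++ b/PATH-NOT-SHOWN-2
@@ -2,50 +2,50 @@
 = stylesheet_link_tag 'graders'
 <meta http-equiv ="refresh" content="60"/>
 
 %h1 Grader information
 
 = link_to '[Refresh]', :action => 'list'
 %br/
 
 .submitbox
 .item
 Grader control:
 .item
-
+= form_for :clear, nil, :url => {:action => 'start_grading'} do |f|
 = submit_tag 'Start graders in grading env'
 .item
-
+= form_for :clear, nil, :url => {:action => 'start_exam'} do |f|
 = submit_tag 'Start graders in exam env'
 .item
-
+= form_for :clear, nil, :url => {:action => 'stop_all'} do |f|
 = submit_tag 'Stop all running graders'
 .item
-
+= form_for :clear, nil, :url => {:action => 'clear_all'} do |f|
 = submit_tag 'Clear all data'
 %br{:style => 'clear:both'}/
 
 - if @last_task
 Last task:
 = link_to "#{@last_task.id}", :action => 'view', :id => @last_task.id, :type => 'Task'
 
 %br/
 
 - if @last_test_request
 Last test_request:
 = link_to "#{@last_test_request.id}", :action => 'view', :id => @last_test_request.id, :type => 'TestRequest'
 
 
 %h2 Current graders
 
 = render :partial => 'grader_list', :locals => {:grader_list => @grader_processes}
 
 %h2 Stalled graders
 
 = render :partial => 'grader_list', :locals => {:grader_list => @stalled_processes}
 
 %h2 Terminated graders
 
-
+= form_for :clear, nil, :url => {:action => 'clear_terminated'} do |f|
 = submit_tag 'Clear data for terminated graders'
 
 = render :partial => 'grader_list', :locals => {:grader_list => @terminated_processes}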
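Review bot: The five new `= form_for :clear, nil, :url => {...} do |f|` lines bind a block parameter `f` that none of the forms use, and `:clear` names no model — each form only wraps a `submit_tag`. `= form_tag :action => 'start_grading' do` (and likewise for the other four actions) says the same thing with less machinery and matches how the other views in this commit build button-only forms. The site-login view further down uses the same object-less `form_for :login, nil` twice; there `f.password_field :password` actually uses `f`, so it can stay. The old side of these five lines is blank in this rendering, so I cannot tell what they replaced.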
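--- a/PATH-NOT-SHOWN-3
+++ b/PATH-NOT-SHOWN-3
@@ -3,14 +3,14 @@
 .announcementbox
 %span{:class => 'title'}
 =t 'main.confirm_contest_start.box_title'
 .announcement
 %center
 =t 'main.confirm_contest_start.contest_list'
 - @contests.each do |contest|
 = contest.title
 %br
 
 =t 'main.confirm_contest_start.timer_starts_after_click'
 
-
+= form_tag :action => 'confirm_contest_start', :method => 'post' do
 = submit_tag t('main.confirm_contest_start.start_button'), :confirm => t('main.confirm_contest_start.start_button_confirm')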
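Review bot: In `= form_tag :action => 'confirm_contest_start', :method => 'post' do` the unbraced argument is a single hash, so `:method => 'post'` lands in the url_for options rather than the form's HTML options; it most likely ends up as a query parameter on the action URL, while the form's method is the default POST regardless. Drop it: `= form_tag :action => 'confirm_contest_start' do`. The same applies to `= form_tag :action => 'chg_passwd', :method => 'post' do` in the password-change view later in this commit.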
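--- a/PATH-NOT-SHOWN-4
+++ b/PATH-NOT-SHOWN-4
@@ -5,22 +5,22 @@
 How to submit clarification requests
 .announcement
 %p
 :markdown
 The clarification requests should be phrased as yes/no questions.
 The answers will be one of the following:
 (1) **YES**,
 (2) <b>NO</b>,
 (3) **ANSWERED IN TASK DESCRIPTION (EXPLICITLY OR IMPLICITLY)**,
 (4) **INVALID QUESTION**, and
 (5) **NO COMMENT**.
 
-
+= form_for 'message', nil, :url => { :action => 'create'} do |f|
 %p
 %b New clarification request
 = submit_tag "Post"
 %br/
 = f.text_area :body, :rows => 5, :cols => 100
 
 %hr/
 
 = render :partial => 'message', :collection => @messages, :locals => {:reply => false}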
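--- a/PATH-NOT-SHOWN-5
+++ b/PATH-NOT-SHOWN-5
@@ -1,20 +1,20 @@
 %h3 Message
 
 .message
 .stat
 = "#{@message.sender.full_name} at #{@message.created_at}"
 .body= simple_format(@message.body)
 
 %h3 Your reply:
-
+= form_for 'r_message', nil, :url => { :action => 'reply'} do |f|
 = f.text_area :body, :rows => 5, :cols => 100
 = f.hidden_field :receiver_id, {:value => @message.sender_id }
 = f.hidden_field :replying_message_id, {:value => @message.id }
 = submit_tag "Post"
 
 %p
 If you do not want to reply, but want to hide this message from
 console, you can
 = link_to "[hide]", :action => 'hide', :id => @message.id
 this message. (This message will be marked as replied.)
 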
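--- a/PATH-NOT-SHOWN-6
+++ b/PATH-NOT-SHOWN-6
@@ -1,24 +1,24 @@
 - content_for :head do
 = stylesheet_link_tag 'problems'
 = javascript_include_tag :defaults
 
 %h1 Import problems
 
 %p= link_to '[Back to problem list]', :action => 'list'
 
 - if @problem and @problem.errors
 =error_messages_for 'problem'
 
-
+= form_tag({:action => 'do_import'}, :multipart => true) do
 .submitbox
 %table
 %tr
 %td Name:
 %td= text_field_tag 'name'
 %tr
 %td Full name:
 %td
 = text_field_tag 'full_name'
 %span{:class => 'help'} Leave blank to use the same value as the name above.
 %tr
 %td Testdata file: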
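--- a/PATH-NOT-SHOWN-7
+++ b/PATH-NOT-SHOWN-7
@@ -1,21 +1,21 @@
 - content_for :head do
 = stylesheet_link_tag 'problems'
 = javascript_include_tag :defaults
 
 %h1 Manage problems
 
 %p= link_to '[Back to problem list]', :action => 'list'
 
-
+= form_tag :action=>'do_manage' do
 .submitbox
 What do you want to do?
 %br/
 %ul
 %li
 Change date added to
 = select_date Date.current, :prefix => 'date_added'
 
 = submit_tag 'Change', :name => 'change_date_added'
 
 - if GraderConfiguration.multicontests?
 %li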
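--- a/PATH-NOT-SHOWN-8
+++ b/PATH-NOT-SHOWN-8
@@ -6,34 +6,34 @@
 = "siteList[#{country.id}][#{site.id}] = \"#{site.name}\";"
 
 var allSiteList = new Array();
 - @site_select.each do |sel|
 = "allSiteList[#{sel[1]}]=\"#{sel[0]}\";"
 
 %script{:type => 'text/javascript', :src => '/javascripts/site_update.js'}
 
 %div{ :style => "border: solid 1px gray; padding: 2px; background: #f0f0f0;"}
 %h2 For Site Administrator.
 
 - if @default_site
-
+= form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f|
 %b Log in for default site.
 = f.hidden_field :site_id, :value => @default_site.id
 %br/
 Password:
 = f.password_field :password
 = submit_tag "Site Administrator Login"
 
 - else
 Please select your country and site and login.
-
+= form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f|
 Country:
 = select :site_country, :id, @country_select_with_all, {}, {:onchange => "updateSiteList();", :onclick => "updateSiteList();" }
 Site:
 = select :login, :site_id, @site_select
 %br/
 Password:
 = f.password_field :password
 = submit_tag "Site Administrator Login"
 
 %script{:type => 'text/javascript'}
 updateSiteList();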
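--- a/PATH-NOT-SHOWN-9
+++ b/PATH-NOT-SHOWN-9
@@ -2,23 +2,23 @@
 Contest Administration for site:
 = "#{@site.name}, #{@site.country.name if @site.country}"
 
 
 Current time at the server is
 = "#{format_short_time(Time.new.gmtime)} UTC"
 (please
 = link_to 'refresh', :action => 'index'
 to update)
 %br/
 %br/
 
-
+= form_tag :action => 'start' do
 When you're ready, you can click the button below to start the contest.
 %br/
 Please make sure that the contestants are ready.
 After the contest is started, it <b>cannot</b> be paused or stopped.
 %br/
 = submit_tag 'Start the Contest.', :onclick => "return confirm('Are you sure?');"
 
 %br/
 %br/
 = link_to '[log out]', :action => 'logout'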
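--- a/PATH-NOT-SHOWN-10
+++ b/PATH-NOT-SHOWN-10
@@ -31,25 +31,25 @@
 try {
 submissionSelect.add(new Option(""+i,""+i,false,false),null);
 } catch(ex) {
 submissionSelect.add(new Option(""+i,""+i,false,false));
 }
 }
 }
 </script>
 
 <% if GraderConfiguration.show_submitbox_to?(@user) and GraderConfiguration.allow_test_request(@user) %>
 <div class="submitbox">
 <%= error_messages_for 'submitted_test_request' %>
-<% form_for :test_request, nil,
+<%= form_for :test_request, nil,
 :url => { :action => 'submit'},
 :html => { :multipart => true } do |f| %>
 <table>
 <tr>
 <td>Task:</td>
 <td>
 <%= select(:test_request,
 :problem_id,
 @problems.collect {|p| [p.name, p.id]}, {},
 { :onclick => "updateSubmissionList();" }) %>
 </td>
 </tr>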
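--- a/PATH-NOT-SHOWN-11
+++ b/PATH-NOT-SHOWN-11
@@ -7,19 +7,19 @@
 %th Full name
 %th
 - @admins.each_with_index do |user, i|
 %tr
 %td= i+1
 %td= user.login
 %td= user.full_name
 %td
 - if user.login!='root'
 = link_to '[revoke]', :action => 'revoke_admin', :id => user.id
 %hr
 
-
+= form_tag :action => 'grant_admin' do
 Grant admin permission to:
 = text_field_tag 'login'
 = submit_tag 'Grant'
 
 %hr/
 = link_to '[go back to index]', :action => 'index'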
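Review bot: The new `= form_tag :action => 'grant_admin' do` submits the grant as a POST with the form's authenticity token, but the inverse privilege change a few lines above is still a plain GET, `= link_to '[revoke]', :action => 'revoke_admin', :id => user.id`. A state-changing GET carries no token and can be triggered from any page the logged-in admin visits, so the revoke should go through a small POST form as well, e.g. `= button_to '[revoke]', :action => 'revoke_admin', :id => user.id`. The controller is not in this commit, so whether forgery protection covers these actions is inferred from the view alone.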
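--- a/PATH-NOT-SHOWN-12
+++ b/PATH-NOT-SHOWN-12
@@ -1,15 +1,15 @@
 %h1 Bulk edit users in contests
 
-
+= form_tag :action => 'manage_contest' do
 List users' login below; one per line.
 %br/
 = text_area_tag 'login_list', nil, :rows => 23, :cols => 80
 %br/
 %table
 %tr
 %td{:valign => 'top'}
 You want to
 = select(nil,"operation",[['assign users to','assign'],['add users to','add'],['remove users from','remove']])
 contest
 = select("contest","id",Contest.all.collect {|c| [c.title, c.id]})
 and also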
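--- a/PATH-NOT-SHOWN-13
+++ b/PATH-NOT-SHOWN-13
@@ -1,15 +1,15 @@
 %h1 Send mass e-mails
 
-
+= form_tag :action => 'bulk_mail' do
 %b List recipients' login below; one per line.
 %br/
 = text_area_tag 'login_list', nil, :rows => 7, :cols => 80
 %br/
 %b Subject:
 = text_field_tag 'subject', '', :size => 60
 %br/
 %b Email body:
 %br/
 = text_area_tag 'email_body', nil, :rows => 11, :cols => 80
 %br/
 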
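--- a/PATH-NOT-SHOWN-14
+++ b/PATH-NOT-SHOWN-14
@@ -1,18 +1,18 @@
 .contest-title
 %h1
 = "#{GraderConfiguration['contest.name']}: #{t 'registration.password_retrieval.header'}"
 
 - if flash[:notice]
 %hr/
 %b= flash[:notice]
 %hr/
 
 %br/
 
-
+= form_tag :action => 'retrieve_password' do
 =t 'registration.password_retrieval.instructions'
 = text_field 'email', nil, :size => 20
 %br/
 = submit_tag(t 'registration.password_retrieval.button_label')
 
 = link_to "#{t 'go_back_to'}#{t 'home_page'}", :controller => 'main', :action => 'index'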
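--- a/PATH-NOT-SHOWN-15
+++ b/PATH-NOT-SHOWN-15
@@ -15,24 +15,24 @@
 %tr
 %th.uinfo Full name
 %td.uinfo= @user.full_name
 -#%tr
 -#%th.uinfo Alias
 -#%td.uinfo= in_place_editor_field :user, 'alias_for_editing', {}, :rows => 1
 -#%tr
 -#%th.uinfo E-mail
 -#%td.uinfo= in_place_editor_field :user, 'email_for_editing', {}, :rows => 1
 %tr
 %th.uinfo Password
 %td.uinfo
-
+= form_tag :action => 'chg_passwd', :method => 'post' do
 %table
 %tr
 %td= password_field_tag 'passwd'
 %td (new)
 %tr
 %td= password_field_tag 'passwd_verify'
 %td (verify)
 %tr
 %td{:colspan => "2"}
 = submit_tag 'change password'
 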
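--- a/PATH-NOT-SHOWN-16
+++ b/PATH-NOT-SHOWN-16
@@ -1,23 +1,23 @@
 .contest-title
 %h1
 = "#{GraderConfiguration['contest.name']}: #{t 'registration.title'}"
 
 .registration-desc
 =t 'registration.description'
 
 = error_messages_for :user, :header_message => (t 'registration.errors.header')
 
 %table
-
+= form_for :user, @user, :url => { :action => 'register' } do |f|
 %tr
 %td{:align => "right"}
 = "#{t 'login_label'}:"
 %td= f.text_field :login
 %tr
 %td
 %td
 %small
 =t 'registration.login_guide'
 %tr
 %td{:align => "right"}
 = "#{t 'full_name_label'}:"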
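--- a/PATH-NOT-SHOWN-17
+++ b/PATH-NOT-SHOWN-17
@@ -42,21 +42,21 @@
 # Enable escaping HTML in JSON.
 config.active_support.escape_html_entities_in_json = true
 
 # Use SQL instead of Active Record's schema dumper when creating the database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,
 # like if you have constraints or database-specific column types
 # config.active_record.schema_format = :sql
 
 # Enforce whitelist mode for mass assignment.
 # This will create an empty whitelist of attributes available for mass-assignment for all models
 # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
 # parameters by using an attr_accessible or attr_protected declaration.
-config.active_record.whitelist_attributes =
+config.active_record.whitelist_attributes = false
 
 # Enable the asset pipeline
 config.assets.enabled = false
 
 # Version of your assets, change this if you want to expire all your assets
 config.assets.version = '1.0'
 end
 end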
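Review bot: `config.active_record.whitelist_attributes = false` switches mass-assignment protection off for every model that carries no attr_accessible/attr_protected declaration, so any column such a model has can be set from request parameters; the registration form `= form_for :user, @user, :url => { :action => 'register' }` earlier in this commit is one path where that matters if the register action hands the posted hash to a User. The narrower fix is to keep the setting at true and add `attr_accessible` for the fields each form is meant to set — the submit action in the first hunk already assigns Submission attributes one by one and needs none. At minimum the comment block above, which still reads `# Enforce whitelist mode for mass assignment.`, should be rewritten to say that the whitelist is disabled and why, because as committed it describes the opposite of the value below it. The enclosing Application class and module close at the end of this hunk.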