cafe-grader-web Commit - r321:6490fd9a1f54

cafe-grader-web

Commit `r321:6490fd9a1f54` public

parent | child

Description:

fixed form_tag/form_for, disabled attributes whitelist

Commit status:

[Not Reviewed]

References:

default

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r321:6490fd9a1f54 - Mon, 01 Oct 2012 07:16:34 - 17 files changed: 23 inserted, 22 deleted

app/controllers/main_controller.rb ¶ +2 -1

                 def list
                   prepare_list_information
                 end
                 def help
                   @user = User.find(session[:user_id])
                 end
                 def submit
                   user = User.find(session[:user_id])
-            -     @submission = Submission.new(params[:submission])
+            +     @submission = Submission.new
+            +     @submission.problem_id = params[:submission][:problem_id]
                   @submission.user = user
                   @submission.language_id = 0
                   if (params['file']) and (params['file']!='')
                     @submission.source = params['file'].read
                     @submission.source_filename = params['file'].original_filename
                   end
                   @submission.submitted_at = Time.new.gmtime
                   if GraderConfiguration.time_limit_mode? and user.contest_finished?
                     @submission.errors.add_to_base "The contest is over."
                     prepare_list_information
                     render :action => 'list' and return

app/views/graders/list.html.haml ¶ +5 -5

                 = stylesheet_link_tag 'graders'
                 <meta http-equiv ="refresh" content="60"/>
               %h1 Grader information
               = link_to '[Refresh]', :action => 'list'
               %br/
               .submitbox
                 .item
                   Grader control:
                 .item
-            -     - form_for :clear, nil, :url => {:action => 'start_grading'} do |f|
+            +     = form_for :clear, nil, :url => {:action => 'start_grading'} do |f|
                     = submit_tag 'Start graders in grading env'
                 .item
-            -     - form_for :clear, nil, :url => {:action => 'start_exam'} do |f|
+            +     = form_for :clear, nil, :url => {:action => 'start_exam'} do |f|
                     = submit_tag 'Start graders in exam env'
                 .item
-            -     - form_for :clear, nil, :url => {:action => 'stop_all'} do |f|
+            +     = form_for :clear, nil, :url => {:action => 'stop_all'} do |f|
                     = submit_tag 'Stop all running graders'
                 .item
-            -     - form_for :clear, nil, :url => {:action => 'clear_all'} do |f|
+            +     = form_for :clear, nil, :url => {:action => 'clear_all'} do |f|
                     = submit_tag 'Clear all data'
                 %br{:style => 'clear:both'}/
               - if @last_task
                 Last task:
                 = link_to "#{@last_task.id}", :action => 'view', :id => @last_task.id, :type => 'Task'
                 %br/
               - if @last_test_request
                 Last test_request:
                 = link_to "#{@last_test_request.id}", :action => 'view', :id => @last_test_request.id, :type => 'TestRequest'
               %h2 Current graders
               = render :partial => 'grader_list', :locals => {:grader_list => @grader_processes}
               %h2 Stalled graders
               = render :partial => 'grader_list', :locals => {:grader_list => @stalled_processes}
               %h2 Terminated graders
-            - - form_for :clear, nil, :url => {:action => 'clear_terminated'} do |f|
+            + = form_for :clear, nil, :url => {:action => 'clear_terminated'} do |f|
                 = submit_tag 'Clear data for terminated graders'
               = render :partial => 'grader_list', :locals => {:grader_list => @terminated_processes}

app/views/main/confirm_contest_start.html.haml ¶ +1 -1

               .announcementbox
                 %span{:class => 'title'}
                   =t 'main.confirm_contest_start.box_title'
                 .announcement
                   %center
                     =t 'main.confirm_contest_start.contest_list'
                     - @contests.each do |contest|
                       = contest.title
                     %br
                     =t 'main.confirm_contest_start.timer_starts_after_click'
-            -       - form_tag :action => 'confirm_contest_start', :method => 'post' do
+            +       = form_tag :action => 'confirm_contest_start', :method => 'post' do
                       = submit_tag t('main.confirm_contest_start.start_button'), :confirm => t('main.confirm_contest_start.start_button_confirm')

app/views/messages/list.html.haml ¶ +1 -1

                   How to submit clarification requests
                 .announcement
                   %p
                     :markdown
                       The clarification requests should be phrased as yes/no questions.
                       The answers will be one of the following:
                       (1) **YES**,
                       (2) <b>NO</b>,
                       (3) **ANSWERED IN TASK DESCRIPTION (EXPLICITLY OR IMPLICITLY)**,
                       (4) **INVALID QUESTION**, and
                       (5) **NO COMMENT**.
-            - - form_for 'message', nil, :url => { :action => 'create'} do |f|
+            + = form_for 'message', nil, :url => { :action => 'create'} do |f|
                 %p
                   %b New clarification request
                   = submit_tag "Post"
                   %br/
                   = f.text_area :body, :rows => 5, :cols => 100
               %hr/
               = render :partial => 'message', :collection => @messages, :locals => {:reply => false}

app/views/messages/show.html.haml ¶ +1 -1

               %h3 Message
               .message
                 .stat
                   = "#{@message.sender.full_name} at #{@message.created_at}"
                 .body= simple_format(@message.body)
               %h3 Your reply:
-            - - form_for 'r_message', nil, :url => { :action => 'reply'} do |f|
+            + = form_for 'r_message', nil, :url => { :action => 'reply'} do |f|
                 = f.text_area :body, :rows => 5, :cols => 100
                 = f.hidden_field :receiver_id, {:value => @message.sender_id }
                 = f.hidden_field :replying_message_id, {:value => @message.id }
                 = submit_tag "Post"
               %p
                 If you do not want to reply, but want to hide this message from
                 console, you can
                 = link_to "[hide]", :action => 'hide', :id => @message.id
                 this message.  (This message will be marked as replied.)

app/views/problems/import.html.haml ¶ +1 -1

               - content_for :head do
                 = stylesheet_link_tag 'problems'
                 = javascript_include_tag :defaults
               %h1 Import problems
               %p= link_to '[Back to problem list]', :action => 'list'
               - if @problem and @problem.errors
                 =error_messages_for 'problem'
-            - - form_tag({:action => 'do_import'}, :multipart => true)  do
+            + = form_tag({:action => 'do_import'}, :multipart => true)  do
                 .submitbox
                   %table
                     %tr
                       %td Name:
                       %td= text_field_tag 'name'
                     %tr
                       %td Full name:
                       %td
                         = text_field_tag 'full_name'
                         %span{:class => 'help'} Leave blank to use the same value as the name above.
                     %tr
                       %td Testdata file:

app/views/problems/manage.html.haml ¶ +1 -1

               - content_for :head do
                 = stylesheet_link_tag 'problems'
                 = javascript_include_tag :defaults
               %h1 Manage problems
               %p= link_to '[Back to problem list]', :action => 'list'
-            - - form_tag :action=>'do_manage' do
+            + = form_tag :action=>'do_manage' do
                 .submitbox
                   What do you want to do?
                   %br/
                   %ul
                     %li
                       Change date added to
                       = select_date Date.current, :prefix => 'date_added'
                       &nbsp;&nbsp;&nbsp;
                       = submit_tag 'Change', :name => 'change_date_added'
                     - if GraderConfiguration.multicontests?
                       %li

app/views/site/login.html.haml ¶ +2 -2

                     = "siteList[#{country.id}][#{site.id}] = \"#{site.name}\";"
                 var allSiteList = new Array();
                 - @site_select.each do |sel|
                   = "allSiteList[#{sel[1]}]=\"#{sel[0]}\";"
               %script{:type => 'text/javascript', :src => '/javascripts/site_update.js'}
               %div{ :style => "border: solid 1px gray; padding: 2px; background: #f0f0f0;"}
                 %h2 For Site Administrator.
                 - if @default_site
-            -     - form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f|
+            +     = form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f|
                     %b Log in for default site.
                     = f.hidden_field :site_id, :value => @default_site.id
                     %br/
                     Password:
                     = f.password_field :password
                     = submit_tag "Site Administrator Login"
                 - else
                   Please select your country and site and login.
-            -     - form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f|
+            +     = form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f|
                     Country:
                     = select :site_country, :id, @country_select_with_all, {}, {:onchange => "updateSiteList();", :onclick => "updateSiteList();" }
                     Site:
                     = select :login, :site_id, @site_select
                     %br/
                     Password:
                     = f.password_field :password
                     = submit_tag "Site Administrator Login"
               %script{:type => 'text/javascript'}
                 updateSiteList();

app/views/site/prompt.html.haml ¶ +1 -1

                 Contest Administration for site:
                 = "#{@site.name}, #{@site.country.name if @site.country}"
               Current time at the server is
               = "#{format_short_time(Time.new.gmtime)} UTC"
               (please
               = link_to 'refresh', :action => 'index'
               to update)
               %br/
               %br/
-            - - form_tag :action => 'start' do
+            + = form_tag :action => 'start' do
                 When you're ready, you can click the button below to start the contest.
                 %br/
                 Please make sure that the contestants are ready.
                 After the contest is started, it <b>cannot</b> be paused or stopped.
                 %br/
                 = submit_tag 'Start the Contest.', :onclick => "return confirm('Are you sure?');"
               %br/
               %br/
               = link_to '[log out]', :action => 'logout'

app/views/test/index.html.erb ¶ +1 -1

                   try {
                     submissionSelect.add(new Option(""+i,""+i,false,false),null);
                   } catch(ex) {
                     submissionSelect.add(new Option(""+i,""+i,false,false));
                   }
                 }
               }
               </script>
               <% if GraderConfiguration.show_submitbox_to?(@user) and GraderConfiguration.allow_test_request(@user) %>
                 <div class="submitbox">
                 <%= error_messages_for 'submitted_test_request' %>
-            -   <% form_for :test_request, nil,
+            +   <%= form_for :test_request, nil,
                             :url => { :action => 'submit'},
                             :html => { :multipart => true } do |f| %>
                   <table>
                     <tr>
                       <td>Task:</td>
                       <td>
               	  <%= select(:test_request,
               	             :problem_id,
               	             @problems.collect {|p| [p.name, p.id]}, {},
               	             { :onclick => "updateSubmissionList();" }) %>
                       </td>
                     </tr>

app/views/user_admin/admin.html.haml ¶ +1 -1

                   %th Full name
                   %th
                 - @admins.each_with_index do |user, i|
                   %tr
                     %td= i+1
                     %td= user.login
                     %td= user.full_name
                     %td
                       - if user.login!='root'
                         = link_to '[revoke]', :action => 'revoke_admin', :id => user.id
               %hr
-            - - form_tag :action => 'grant_admin' do
+            + = form_tag :action => 'grant_admin' do
                 Grant admin permission to:
                 = text_field_tag 'login'
                 = submit_tag 'Grant'
               %hr/
               = link_to '[go back to index]', :action => 'index'

app/views/user_admin/contest_management.html.haml ¶ +1 -1

               %h1 Bulk edit users in contests
-            - - form_tag :action => 'manage_contest' do
+            + = form_tag :action => 'manage_contest' do
                 List users' login below; one per line.
                 %br/
                 = text_area_tag 'login_list', nil, :rows => 23, :cols => 80
                 %br/
                 %table
                   %tr
                     %td{:valign => 'top'}
                       You want to
                       = select(nil,"operation",[['assign users to','assign'],['add users to','add'],['remove users from','remove']])
                       contest
                       = select("contest","id",Contest.all.collect {|c| [c.title, c.id]})
                       and also

app/views/user_admin/mass_mailing.html.haml ¶ +1 -1

               %h1 Send mass e-mails
-            - - form_tag :action => 'bulk_mail' do
+            + = form_tag :action => 'bulk_mail' do
                 %b List recipients' login below; one per line.
                 %br/
                 = text_area_tag 'login_list', nil, :rows => 7, :cols => 80
                 %br/
                 %b Subject:
                 = text_field_tag 'subject', '', :size => 60
                 %br/
                 %b Email body:
                 %br/
                 = text_area_tag 'email_body', nil, :rows => 11, :cols => 80
                 %br/

app/views/users/forget.html.haml ¶ +1 -1

               .contest-title
                 %h1
                   = "#{GraderConfiguration['contest.name']}: #{t 'registration.password_retrieval.header'}"
               - if flash[:notice]
                 %hr/
                 %b= flash[:notice]
                 %hr/
               %br/
-            - - form_tag :action => 'retrieve_password' do
+            + = form_tag :action => 'retrieve_password' do
                 =t 'registration.password_retrieval.instructions'
                 = text_field 'email', nil, :size => 20
                 %br/
                 = submit_tag(t 'registration.password_retrieval.button_label')
               = link_to "#{t 'go_back_to'}#{t 'home_page'}", :controller => 'main', :action => 'index'

app/views/users/index.html.haml ¶ +1 -1

                 %tr
                   %th.uinfo Full name
                   %td.uinfo= @user.full_name
                 -#%tr
                   -#%th.uinfo Alias
                   -#%td.uinfo= in_place_editor_field :user, 'alias_for_editing', {}, :rows => 1
                 -#%tr
                   -#%th.uinfo E-mail
                   -#%td.uinfo= in_place_editor_field :user, 'email_for_editing', {}, :rows => 1
                 %tr
                   %th.uinfo Password
                   %td.uinfo
-            -       - form_tag :action => 'chg_passwd', :method => 'post' do
+            +       = form_tag :action => 'chg_passwd', :method => 'post' do
                       %table
                         %tr
                           %td= password_field_tag 'passwd'
                           %td (new)
                         %tr
                           %td= password_field_tag 'passwd_verify'
                           %td (verify)
                         %tr
                           %td{:colspan => "2"}
                             = submit_tag 'change password'

app/views/users/new.html.haml ¶ +1 -1

               .contest-title
                 %h1
                   = "#{GraderConfiguration['contest.name']}: #{t 'registration.title'}"
               .registration-desc
                 =t 'registration.description'
               = error_messages_for :user, :header_message => (t 'registration.errors.header')
               %table
-            -   - form_for :user, @user, :url => { :action => 'register' } do |f|
+            +   = form_for :user, @user, :url => { :action => 'register' } do |f|
                   %tr
                     %td{:align => "right"}
                       = "#{t 'login_label'}:"
                     %td= f.text_field :login
                   %tr
                     %td
                     %td
                       %small
                         =t 'registration.login_guide'
                   %tr
                     %td{:align => "right"}
                       = "#{t 'full_name_label'}:"

config/application.rb ¶ +1 -1

                   # Enable escaping HTML in JSON.
                   config.active_support.escape_html_entities_in_json = true
                   # Use SQL instead of Active Record's schema dumper when creating the database.
                   # This is necessary if your schema can't be completely dumped by the schema dumper,
                   # like if you have constraints or database-specific column types
                   # config.active_record.schema_format = :sql
                   # Enforce whitelist mode for mass assignment.
                   # This will create an empty whitelist of attributes available for mass-assignment for all models
                   # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
                   # parameters by using an attr_accessible or attr_protected declaration.
-            -     config.active_record.whitelist_attributes = true
+            +     config.active_record.whitelist_attributes = false
                   # Enable the asset pipeline
                   config.assets.enabled = false
                   # Version of your assets, change this if you want to expire all your assets
                   config.assets.version = '1.0'
                 end
               end

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r321:6490fd9a1f54 - Mon, 01 Oct 2012 07:16:34 - 17 files changed: 23 inserted, 22 deleted

Sign in to your account

Commit r321:6490fd9a1f54 public

Author

r321:6490fd9a1f54 - Mon, 01 Oct 2012 07:16:34 - 17 files changed: 23 inserted, 22 deleted

Commit `r321:6490fd9a1f54` public