From 0cc579b2875a1f31d4425cc90378fd8cbf934974 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 19 Jun 2014 00:25:18 +0100
Subject: [PATCH] Improve blocking of characters not allowed in XML
---
 app/controllers/amf_controller.rb | 6 +++---
 app/models/user.rb | 2 +-
 test/models/user_test.rb | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb
index 57eb28237..ad337d8a7 100644
--- a/app/controllers/amf_controller.rb
+++ b/app/controllers/amf_controller.rb
@@ -551,7 +551,7 @@ class AmfController < ApplicationController
 mid = renumberedways[mid] if m[0] == 'Way'
 end
 if mid
- typedmembers << [m[0], mid, m[2].delete("\000-\037", "^\011\012\015")]
+ typedmembers << [m[0], mid, m[2].delete("\000-\037\ufffe\uffff", "^\011\012\015")]
 end
 end
@@ -886,8 +886,8 @@ class AmfController < ApplicationController
 new_tags = Hash.new
 unless tags.nil?
 tags.each do |k, v|
- new_k = k.delete "\000-\037", "^\011\012\015"
- new_v = v.delete "\000-\037", "^\011\012\015"
+ new_k = k.delete "\000-\037\ufffe\uffff", "^\011\012\015"
+ new_v = v.delete "\000-\037\ufffe\uffff", "^\011\012\015"
 new_tags[new_k] = new_v
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 9bfb96776..81154fff7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
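Review bot: The widened set `"\000-\037\ufffe\uffff"` is no longer ASCII-only, so in the `typedmembers <<` line `String#delete` would raise `Encoding::CompatibilityError` if `m[2]` is tagged as binary and contains any non-ASCII bytes, which the old ASCII-only set tolerated. How the AMF decoder tags its strings is not visible in this hunk, so that needs confirming; the same applies to `k.delete` and `v.delete` in the second hunk of this file. Because the literal now appears three times, it would be safer to define it once, for example `XML_INVALID_CHARS = "\000-\037\ufffe\uffff".freeze`, with a comment stating the expected input encoding. The enclosing method starts and ends outside the hunk.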
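Review bot: Deleting characters from `k` can turn two distinct incoming keys into the same `new_k`, or reduce a key to the empty string, and `new_tags[new_k] = new_v` then overwrites the earlier pair without any signal. Stripping two more code points makes that case slightly more reachable, and because the tags are client-supplied the outcome should be a deliberate choice rather than an accident of iteration order. A guard such as `next if new_k.empty? || new_tags.key?(new_k)`, or rejecting the request outright, would make it explicit. The method containing this loop starts outside the hunk.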
@@ -42,7 +42,7 @@ class User < ActiveRecord::Base
 validates_length_of :display_name, :within => 3..255, :allow_nil => true
 validates_email_format_of :email, :if => Proc.new { |u| u.email_changed? }
 validates_email_format_of :new_email, :allow_blank => true, :if => Proc.new { |u| u.new_email_changed? }
- validates_format_of :display_name, :with => /\A[^\x00-\x1f\x7f\/;.,?%#]*\z/, :if => Proc.new { |u| u.display_name_changed? }
+ validates_format_of :display_name, :with => /\A[^\x00-\x1f\x7f\ufffe\uffff\/;.,?%#]*\z/, :if => Proc.new { |u| u.display_name_changed? }
 validates_format_of :display_name, :with => /\A\S/, :message => "has leading whitespace", :if => Proc.new { |u| u.display_name_changed? }
 validates_format_of :display_name, :with => /\S\z/, :message => "has trailing whitespace", :if => Proc.new { |u| u.display_name_changed? }
 validates_numericality_of :home_lat, :allow_nil => true
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 15bd64ccc..5e03c7e03 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -87,7 +87,7 @@ class UserTest < ActiveSupport::TestCase
 # should be used.
 bad = [ "
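Review bot: The tightened `display_name` format check in `app/models/user.rb` runs only when `display_name_changed?` is true, so any account already stored with U+FFFE or U+FFFF in its name keeps it and would still reach the XML output the commit title is concerned with. Whether such rows exist is not visible here; a one-off query or data migration would settle it. A short comment above the line, such as `# U+FFFE and U+FFFF are not legal XML 1.0 characters`, would also explain why those two code points sit in a class otherwise made of control characters and URL punctuation.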
", "test@example.com", "s/f", "aa/", "aa;", "aa.", "aa,", "aa?", "/;.,?", "も対応します/", "#ping", - "foo\x1fbar", "foo\x7fbar" ] + "foo\x1fbar", "foo\x7fbar", "foo\ufffebar", "foo\uffffbar" ] ok.each do |display_name| user = users(:normal_user) user.display_name = display_name -- 2.43.2