better safe url checking
parent
f4fe450f0f
commit
9fdd7d46c7
|
@ -1,6 +1,7 @@
|
|||
class Comment < ActiveRecord::Base
|
||||
belongs_to :page
|
||||
belongs_to :author
|
||||
validate :safe_url
|
||||
|
||||
def name
|
||||
if self.author
|
||||
|
@ -9,4 +10,16 @@ class Comment < ActiveRecord::Base
|
|||
self.user
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def safe_url
|
||||
return true if self.url.to_s.empty?
|
||||
if self.url =~ /^http:\/\// and self.url !~ /[^a-zA-Z0-9\._:\-\/]/
|
||||
true
|
||||
else
|
||||
self.errors.add(:url, "is not a permissible address")
|
||||
false
|
||||
end
|
||||
end
|
||||
end
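Review bot: The scheme test in `safe_url` anchors with `^` (`/^http:\/\//`), which in Ruby matches at the start of any line rather than at the start of the string. As written, a multi-line value is still rejected because the second regex treats a newline as a disallowed character, but the scheme check then depends on that character allowlist never being relaxed. Anchor to the string instead, and use `&&` rather than `and`: `if self.url =~ /\Ahttp:\/\// && self.url !~ /[^a-zA-Z0-9\._:\-\/]/`. If HTTPS links are meant to be accepted, `https?` has to be added explicitly, because the current pattern rejects them.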
|