penguincoder
/
tuxbliki
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

better safe url checking

master
Coleman 2008-08-07 17:45:33 -05:00
parent f4fe450f0f
commit 9fdd7d46c7
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/models/comment.rb
View File

@ -1,6 +1,7 @@
class Comment < ActiveRecord::Base class Comment < ActiveRecord::Base
belongs_to :page belongs_to :page
belongs_to :author belongs_to :author
validate :safe_url
def name def name
if self.author if self.author
@ -9,4 +10,16 @@ class Comment < ActiveRecord::Base
self.user self.user
end end
end end
private
def safe_url
return true if self.url.to_s.empty?
if self.url =~ /^http:\/\// and self.url !~ /[^a-zA-Z0-9\._:\-\/]/
true
else
self.errors.add(:url, "is not a permissible address")
false
end
end
end end