diff --git a/app/views/accounts/_moved.html.haml b/app/views/accounts/_moved.html.haml
index 4f71b062d871bc648c7090ad0c25c9478005f93a..2f46e0dd0fb18fd7a72acdeb645dfc32cdaf3cda 100644
--- a/app/views/accounts/_moved.html.haml
+++ b/app/views/accounts/_moved.html.haml
@@ -3,7 +3,7 @@
 .moved-account-widget
   .moved-account-widget__message
     = fa_icon 'suitcase'
-    = t('accounts.moved_html', name: content_tag(:bdi, content_tag(:strong, display_name(account, custom_emojify: true), class: :emojify)), new_profile_link: link_to(content_tag(:strong, safe_join(['@', content_tag(:span, moved_to_account.acct)])), ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'mention'))
+    = t('accounts.moved_html', name: content_tag(:bdi, content_tag(:strong, display_name(account, custom_emojify: true), class: :emojify)), new_profile_link: link_to(content_tag(:strong, safe_join(['@', content_tag(:span, moved_to_account.pretty_acct)])), ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'mention'))
 
   .moved-account-widget__card
     = link_to ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'detailed-status__display-name p-author h-card', target: '_blank', rel: 'me noopener noreferrer' do
@@ -17,4 +17,4 @@
       %span.display-name
         %bdi
           %strong.emojify= display_name(moved_to_account, custom_emojify: true)
-        %span @#{moved_to_account.acct}
+        %span @#{moved_to_account.pretty_acct}
diff --git a/app/views/admin/account_actions/new.html.haml b/app/views/admin/account_actions/new.html.haml
index ca4f9663f724bee763791c439e082caf4d2995b5..c7bb618dfb79ad96c345ef07ad24d2769a75384b 100644
--- a/app/views/admin/account_actions/new.html.haml
+++ b/app/views/admin/account_actions/new.html.haml
@@ -1,11 +1,11 @@
 - content_for :page_title do
-  = t('admin.account_actions.title', acct: @account.acct)
+  = t('admin.account_actions.title', acct: @account.pretty_acct)
 
 = simple_form_for @account_action, url: admin_account_action_path(@account.id) do |f|
   = f.input :report_id, as: :hidden
 
   .fields-group
-    = f.input :type, as: :radio_buttons, collection: Admin::AccountAction.types_for_account(@account), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([I18n.t("simple_form.labels.admin_account_action.types.#{type}"), content_tag(:span, I18n.t("simple_form.hints.admin_account_action.types.#{type}"), class: 'hint')])}, hint: t('simple_form.hints.admin_account_action.type_html', acct: @account.acct)
+    = f.input :type, as: :radio_buttons, collection: Admin::AccountAction.types_for_account(@account), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([I18n.t("simple_form.labels.admin_account_action.types.#{type}"), content_tag(:span, I18n.t("simple_form.hints.admin_account_action.types.#{type}"), class: 'hint')])}, hint: t('simple_form.hints.admin_account_action.type_html', acct: @account.pretty_acct)
 
   - if @account.local?
     %hr.spacer/
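Review bot: `pretty_acct` is not defined anywhere in this diff; if it renders an internationalised domain in decoded Unicode form, as the name suggests, the page title and the `type_html` hint on this moderation form now show a handle that can be mistaken for a look-alike domain. A moderator choosing an action here should be able to see the canonical form as well, for example `acct: "#{@account.pretty_acct} (#{@account.acct})"` when the two differ. The same consideration applies to the titles changed in `admin/accounts/show`, `admin/relationships/index` and `admin/statuses/index`.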
diff --git a/app/views/admin/account_warnings/_account_warning.html.haml b/app/views/admin/account_warnings/_account_warning.html.haml
index 1462e76d0046e3d5d1ea79297db7bb97f684adf3..03063518570c24a39407a5b53d105a45ce4076e0 100644
--- a/app/views/admin/account_warnings/_account_warning.html.haml
+++ b/app/views/admin/account_warnings/_account_warning.html.haml
@@ -5,7 +5,7 @@
         = fa_icon 'warning'
     .log-entry__content
       .log-entry__title
-        = t(account_warning.action, scope: 'admin.strikes.actions', name: content_tag(:span, account_warning.account.username, class: 'username'), target: content_tag(:span, account_warning.target_account.acct, class: 'target')).html_safe
+        = t(account_warning.action, scope: 'admin.strikes.actions', name: content_tag(:span, account_warning.account.username, class: 'username'), target: content_tag(:span, account_warning.target_account.pretty_acct, class: 'target')).html_safe
       .log-entry__timestamp
         %time.formatted{ datetime: account_warning.created_at.iso8601 }
           = l(account_warning.created_at)
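Review bot: The `.html_safe` on the `t(...)` result under `.log-entry__title` is safe only because both interpolated values pass through `content_tag`, which escapes its content, and nothing on the line records that. Since this commit changes which attribute reaches the `target` span, I would add a comment above the line, `-# name/target are escaped by content_tag; the locale string itself is trusted markup`, so a later edit does not interpolate a bare model attribute. The same pattern appears in the `admin/disputes/appeals/_appeal.html.haml` hunk.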
diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml
index 9a1f07a0665f2b800ce2b885c1276523eb15f645..805cf8a4f53e93ee14efebba9b32a31aab293dca 100644
--- a/app/views/admin/accounts/show.html.haml
+++ b/app/views/admin/accounts/show.html.haml
@@ -1,5 +1,5 @@
 - content_for :page_title do
-  = @account.acct
+  = @account.pretty_acct
 
 - if @account.instance_actor?
   .flash-message.notice
diff --git a/app/views/admin/change_emails/show.html.haml b/app/views/admin/change_emails/show.html.haml
index 6ff0d785ed21c9a93512ad6379b79c9dd5d25d87..bc00d611422666a5553ae92942e2a889bf2da8ce 100644
--- a/app/views/admin/change_emails/show.html.haml
+++ b/app/views/admin/change_emails/show.html.haml
@@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('admin.accounts.change_email.title', username: @account.acct)
+  = t('admin.accounts.change_email.title', username: @account.username)
 
 = simple_form_for @user, url: admin_account_change_email_path(@account.id) do |f|
   .fields-group
diff --git a/app/views/admin/disputes/appeals/_appeal.html.haml b/app/views/admin/disputes/appeals/_appeal.html.haml
index 02b8777e13c1d4283c4c64982dbabdfc79ef453d..3f6efb856e5046847c61d0201035184b931b64a5 100644
--- a/app/views/admin/disputes/appeals/_appeal.html.haml
+++ b/app/views/admin/disputes/appeals/_appeal.html.haml
@@ -4,7 +4,7 @@
       = image_tag appeal.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar'
     .log-entry__content
       .log-entry__title
-        = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.acct, class: 'target')).html_safe
+        = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.username, class: 'target')).html_safe
       .log-entry__timestamp
         %time.formatted{ datetime: appeal.strike.created_at.iso8601 }
           = l(appeal.strike.created_at)
diff --git a/app/views/admin/relationships/index.html.haml b/app/views/admin/relationships/index.html.haml
index 60b9b5b256f6115b7efe7b029380d96a8aabed1f..f82cf26a38e0cc8ef09c032feb61024b322596f7 100644
--- a/app/views/admin/relationships/index.html.haml
+++ b/app/views/admin/relationships/index.html.haml
@@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('admin.relationships.title', acct: @account.acct)
+  = t('admin.relationships.title', acct: @account.pretty_acct)
 
 .filters
   .filter-subset
diff --git a/app/views/admin/statuses/index.html.haml b/app/views/admin/statuses/index.html.haml
index 7e2114cc2baa2b7677eb403a842dc9e1165c0232..d3d7cc160b93ea01856aaa8ac09da5b94fe52dcc 100644
--- a/app/views/admin/statuses/index.html.haml
+++ b/app/views/admin/statuses/index.html.haml
@@ -4,7 +4,7 @@
 - content_for :page_title do
   = t('admin.statuses.title')
   \-
-  = "@#{@account.acct}"
+  = "@#{@account.pretty_acct}"
 
 .filters
   .filter-subset
diff --git a/app/views/admin_mailer/new_report.text.erb b/app/views/admin_mailer/new_report.text.erb
index d6c7d6bab378019a637b800f99ae7f6ea67a7d19..f8a5224a10fc1a8bc5a597e5057ecbc9edba9ddf 100644
--- a/app/views/admin_mailer/new_report.text.erb
+++ b/app/views/admin_mailer/new_report.text.erb
@@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>
 
-<%= raw(@report.account.local? ? t('admin_mailer.new_report.body', target: @report.target_account.acct, reporter: @report.account.acct) : t('admin_mailer.new_report.body_remote', target: @report.target_account.acct, domain: @report.account.domain)) %>
+<%= raw(@report.account.local? ? t('admin_mailer.new_report.body', target: @report.target_account.pretty_acct, reporter: @report.account.pretty_acct) : t('admin_mailer.new_report.body_remote', target: @report.target_account.acct, domain: @report.account.domain)) %>
 
 <%= raw t('application_mailer.view')%> <%= admin_report_url(@report) %>
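Review bot: The `body_remote` branch of the ternary still passes `target: @report.target_account.acct`, so the same report e-mail names the target account differently depending on whether the reporter is local. If that is not deliberate, the second branch should read `t('admin_mailer.new_report.body_remote', target: @report.target_account.pretty_acct, domain: @report.account.domain)`. If it is deliberate, a short ERB comment saying why the remote variant keeps the stored form would prevent a later "fix".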
diff --git a/app/views/auth/registrations/_status.html.haml b/app/views/auth/registrations/_status.html.haml
index 68954a5dafc7aea9fb205017491e298f46b4d23e..759bbc41c0dbdd25a2cdbded881b1f15bd14df08 100644
--- a/app/views/auth/registrations/_status.html.haml
+++ b/app/views/auth/registrations/_status.html.haml
@@ -7,7 +7,7 @@
     = t('auth.status.pending')
 - elsif @user.account.moved_to_account_id.present?
   .flash-message.warning
-    = t('auth.status.redirecting_to', acct: @user.account.moved_to_account.acct)
+    = t('auth.status.redirecting_to', acct: @user.account.moved_to_account.pretty_acct)
     = link_to t('migrations.cancel'), settings_migration_path
 
 %h3= t('auth.status.account_status')
diff --git a/app/views/authorize_interactions/show.html.haml b/app/views/authorize_interactions/show.html.haml
index 42c874134de933e5ec7eff48dc52ac741cebe2d0..2b4d2ed62b2f4bc014fe1b508ee20ce91fefe00d 100644
--- a/app/views/authorize_interactions/show.html.haml
+++ b/app/views/authorize_interactions/show.html.haml
@@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('authorize_follow.title', acct: @resource.acct)
+  = t('authorize_follow.title', acct: @resource.pretty_acct)
 
 .form-container
   .follow-prompt
diff --git a/app/views/authorize_interactions/success.html.haml b/app/views/authorize_interactions/success.html.haml
index 47fd09767c6afd26dab6cf5cf03d5c91382eee3a..86fa55eac66bc5a8ba5adf99991e2649c1b95ea4 100644
--- a/app/views/authorize_interactions/success.html.haml
+++ b/app/views/authorize_interactions/success.html.haml
@@ -1,5 +1,5 @@
 - content_for :page_title do
-  = t('authorize_follow.title', acct: @resource.acct)
+  = t('authorize_follow.title', acct: @resource.pretty_acct)
 
 .form-container
   .follow-prompt
diff --git a/app/views/notification_mailer/_status.html.haml b/app/views/notification_mailer/_status.html.haml
index f520208e11f5253b0d2e30c8fc8fe29e1f1afa5b..219e7e66792d579d6d1d822509b5fb1c27da49a8 100644
--- a/app/views/notification_mailer/_status.html.haml
+++ b/app/views/notification_mailer/_status.html.haml
@@ -23,7 +23,7 @@
                                       = image_tag full_asset_url(status.account.avatar.url), alt:''
                                     %td{ align: 'left' }
                                       %bdi= display_name(status.account)
-                                      = "@#{status.account.acct}"
+                                      = "@#{status.account.pretty_acct}"
 
                               - if status.spoiler_text?
                                 %div.auto-dir
diff --git a/app/views/notification_mailer/digest.text.erb b/app/views/notification_mailer/digest.text.erb
index b2c85a9e3dcf3ee960834d9c8e716939ad3da697..4cd4190c11cb4c436c18ab77407331ca3e46b6d1 100644
--- a/app/views/notification_mailer/digest.text.erb
+++ b/app/views/notification_mailer/digest.text.erb
@@ -3,7 +3,7 @@
 <%= raw t('notification_mailer.digest.body', since: l(@me.user_current_sign_in_at || @since), instance: root_url) %>
 <% @notifications.each do |notification| %>
 
-* <%= raw t('notification_mailer.digest.mention', name: notification.from_account.acct) %>
+* <%= raw t('notification_mailer.digest.mention', name: notification.from_account.pretty_acct) %>
 
   <%= raw Formatter.instance.plaintext(notification.target_status) %>
 
diff --git a/app/views/notification_mailer/favourite.html.haml b/app/views/notification_mailer/favourite.html.haml
index a715d615ce8ac5801432df999c0730dd04577b33..ebc5c29c73ac95226556812b43bbff70b0e1756a 100644
--- a/app/views/notification_mailer/favourite.html.haml
+++ b/app/views/notification_mailer/favourite.html.haml
@@ -20,7 +20,7 @@
                                       = image_tag full_pack_url('media/images/mailer/icon_grade.png'), alt:''
 
                               %h1= t 'notification_mailer.favourite.title'
-                              %p.lead= t('notification_mailer.favourite.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.favourite.body', name: @account.pretty_acct)
 
 = render 'status', status: @status
 
diff --git a/app/views/notification_mailer/favourite.text.erb b/app/views/notification_mailer/favourite.text.erb
index 2581b4909b2c0ee97d54f6a32b5bc404b9ba9593..f4f869656db0f64a0bb271c3dc2fdc05d7199742 100644
--- a/app/views/notification_mailer/favourite.text.erb
+++ b/app/views/notification_mailer/favourite.text.erb
@@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>
 
-<%= raw t('notification_mailer.favourite.body', name: @account.acct) %>
+<%= raw t('notification_mailer.favourite.body', name: @account.pretty_acct) %>
 
 <%= render 'status', status: @status %>
diff --git a/app/views/notification_mailer/follow.html.haml b/app/views/notification_mailer/follow.html.haml
index cd84f785847caabe426614fd66b03b4c0cf65969..a59ef8835a61f6dd826703e4d9371bfa5c760d0f 100644
--- a/app/views/notification_mailer/follow.html.haml
+++ b/app/views/notification_mailer/follow.html.haml
@@ -20,7 +20,7 @@
                                       = image_tag full_pack_url('media/images/mailer/icon_person_add.png'), alt: ''
 
                               %h1= t 'notification_mailer.follow.title'
-                              %p.lead= t('notification_mailer.follow.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.follow.body', name: @account.pretty_acct)
 
 %table.email-table{ cellspacing: 0, cellpadding: 0 }
   %tbody
diff --git a/app/views/notification_mailer/follow.text.erb b/app/views/notification_mailer/follow.text.erb
index cbe46f552417ecef37e979f1b65aaa6e1dd5cdb5..016a0a4cfb2a14289a484ca13fb6891b5e86aa75 100644
--- a/app/views/notification_mailer/follow.text.erb
+++ b/app/views/notification_mailer/follow.text.erb
@@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>
 
-<%= raw t('notification_mailer.follow.body', name: @account.acct) %>
+<%= raw t('notification_mailer.follow.body', name: @account.pretty_acct) %>
 
 <%= raw t('application_mailer.view')%> <%= web_url("accounts/#{@account.id}") %>
diff --git a/app/views/notification_mailer/follow_request.html.haml b/app/views/notification_mailer/follow_request.html.haml
index a63e27a909e1fcaac211fa554ae8855fd4c30be2..4c32c831ed8b63dde76371771f48d784effa7461 100644
--- a/app/views/notification_mailer/follow_request.html.haml
+++ b/app/views/notification_mailer/follow_request.html.haml
@@ -20,7 +20,7 @@
                                       = image_tag full_pack_url('media/images/mailer/icon_person_add.png'), alt: ''
 
                               %h1= t 'notification_mailer.follow_request.title'
-                              %p.lead= t('notification_mailer.follow_request.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.follow_request.body', name: @account.pretty_acct)
 
 %table.email-table{ cellspacing: 0, cellpadding: 0 }
   %tbody
diff --git a/app/views/notification_mailer/follow_request.text.erb b/app/views/notification_mailer/follow_request.text.erb
index a018394b85786f804f6cee1ccfa655dc0f2751c6..66aa97fe36a15a9a154fe61f012563739624a51f 100644
--- a/app/views/notification_mailer/follow_request.text.erb
+++ b/app/views/notification_mailer/follow_request.text.erb
@@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>
 
-<%= raw t('notification_mailer.follow_request.body', name: @account.acct) %>
+<%= raw t('notification_mailer.follow_request.body', name: @account.pretty_acct) %>
 
 <%= raw t('application_mailer.view')%> <%= web_url("follow_requests") %>
diff --git a/app/views/notification_mailer/mention.html.haml b/app/views/notification_mailer/mention.html.haml
index 619873cfa3a34a870dc37e7d66ff6de194f3f4a6..cfb7465c14265bf86282c1c162bbf9f5dbb8259a 100644
--- a/app/views/notification_mailer/mention.html.haml
+++ b/app/views/notification_mailer/mention.html.haml
@@ -20,7 +20,7 @@
                                       = image_tag full_pack_url('media/images/mailer/icon_reply.png'), alt: ''
 
                               %h1= t 'notification_mailer.mention.title'
-                              %p.lead= t('notification_mailer.mention.body', name: @status.account.acct)
+                              %p.lead= t('notification_mailer.mention.body', name: @status.account.pretty_acct)
 
 = render 'status', status: @status
 
diff --git a/app/views/notification_mailer/mention.text.erb b/app/views/notification_mailer/mention.text.erb
index 03f53813b92a30e82081bed4ce23526a859f1e44..f104d5f920984870fac2e986064f0e09b84bf8a7 100644
--- a/app/views/notification_mailer/mention.text.erb
+++ b/app/views/notification_mailer/mention.text.erb
@@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>
 
-<%= raw t('notification_mailer.mention.body', name: @status.account.acct) %>
+<%= raw t('notification_mailer.mention.body', name: @status.account.pretty_acct) %>
 
 <%= render 'status', status: @status %>
diff --git a/app/views/notification_mailer/reblog.html.haml b/app/views/notification_mailer/reblog.html.haml
index a2811be23269472a7fad9e4957a541aad5c77615..c528536ec808fb1a23526b196ea4af24d12dd27f 100644
--- a/app/views/notification_mailer/reblog.html.haml
+++ b/app/views/notification_mailer/reblog.html.haml
@@ -20,7 +20,7 @@
                                       = image_tag full_pack_url('media/images/mailer/icon_cached.png'), alt: ''
 
                               %h1= t 'notification_mailer.reblog.title'
-                              %p.lead= t('notification_mailer.reblog.body', name: @account.acct)
+                              %p.lead= t('notification_mailer.reblog.body', name: @account.pretty_acct)
 
 = render 'status', status: @status
 
diff --git a/app/views/notification_mailer/reblog.text.erb b/app/views/notification_mailer/reblog.text.erb
index 8fc841bf6e89bdebe30994bf60279ba225a873cc..73a3b39450120c8e0404d9ab8b0e4fcedc799415 100644
--- a/app/views/notification_mailer/reblog.text.erb
+++ b/app/views/notification_mailer/reblog.text.erb
@@ -1,5 +1,5 @@
 <%= raw t('application_mailer.salutation', name: display_name(@me)) %>
 
-<%= raw t('notification_mailer.reblog.body', name: @account.acct) %>
+<%= raw t('notification_mailer.reblog.body', name: @account.pretty_acct) %>
 
 <%= render 'status', status: @status %>
diff --git a/app/views/settings/aliases/index.html.haml b/app/views/settings/aliases/index.html.haml
index 5df0c9669ac2fedd8b0e5bfd72784b04205f95a7..c618a82f1dd65b9d5815c94b29dfb43fa629308b 100644
--- a/app/views/settings/aliases/index.html.haml
+++ b/app/views/settings/aliases/index.html.haml
@@ -29,5 +29,5 @@
       - else
         - @aliases.each do |account_alias|
           %tr
-            %td= account_alias.acct
+            %td= account_alias.pretty_acct
             %td= table_link_to 'trash', t('aliases.remove'), settings_alias_path(account_alias), data: { method: :delete }
diff --git a/app/views/settings/migrations/show.html.haml b/app/views/settings/migrations/show.html.haml
index 078eaebc6c18525b513f8e7d0a3f904d24e95ea8..492f6fe12c297a33958df3655e4dacf5cbd20a03 100644
--- a/app/views/settings/migrations/show.html.haml
+++ b/app/views/settings/migrations/show.html.haml
@@ -8,7 +8,7 @@
         = render 'application/card', account: current_account.moved_to_account
       .fields-row__column.fields-group.fields-row__column-6
         %p.hint
-          %span.positive-hint= t('migrations.redirecting_to', acct: current_account.moved_to_account.acct)
+          %span.positive-hint= t('migrations.redirecting_to', acct: current_account.moved_to_account.pretty_acct)
 
         %p.hint= t('migrations.cancel_explanation')
 
@@ -76,7 +76,7 @@
               - if migration.target_account.present?
                 = compact_account_link_to migration.target_account
               - else
-                = migration.acct
+                = migration.pretty_acct
 
             %td= number_with_delimiter migration.followers_count
 
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index c24146da415f730d36e814868b1f7b3bf7fd0460..80c5f6d4e568b9cf01b039160334ffc57db20b59 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -7,7 +7,7 @@
       "check_name": "SQL",
       "message": "Possible SQL injection",
       "file": "app/models/status.rb",
-      "line": 105,
+      "line": 106,
       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
       "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")",
       "render_path": null,
@@ -27,7 +27,7 @@
       "check_name": "SQL",
       "message": "Possible SQL injection",
       "file": "app/models/trends/query.rb",
-      "line": 60,
+      "line": 76,
       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
       "code": "klass.joins(\"join unnest(array[#{ids.join(\",\")}]) with ordinality as x (id, ordering) on #{klass.table_name}.id = x.id\")",
       "render_path": null,
@@ -60,6 +60,36 @@
       "confidence": "High",
       "note": ""
     },
+    {
+      "warning_type": "Cross-Site Scripting",
+      "warning_code": 2,
+      "fingerprint": "71cf98c8235b5cfa9946b5db8fdc1a2f3a862566abb34e4542be6f3acae78233",
+      "check_name": "CrossSiteScripting",
+      "message": "Unescaped model attribute",
+      "file": "app/views/admin/disputes/appeals/_appeal.html.haml",
+      "line": 7,
+      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+      "code": "t((Unresolved Model).new.strike.action, :scope => \"admin.strikes.actions\", :name => content_tag(:span, (Unresolved Model).new.strike.account.username, :class => \"username\"), :target => content_tag(:span, (Unresolved Model).new.account.username, :class => \"target\"))",
+      "render_path": [
+        {
+          "type": "template",
+          "name": "admin/disputes/appeals/index",
+          "line": 20,
+          "file": "app/views/admin/disputes/appeals/index.html.haml",
+          "rendered": {
+            "name": "admin/disputes/appeals/_appeal",
+            "file": "app/views/admin/disputes/appeals/_appeal.html.haml"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "admin/disputes/appeals/_appeal"
+      },
+      "user_input": "(Unresolved Model).new.strike",
+      "confidence": "Weak",
+      "note": ""
+    },
     {
       "warning_type": "SQL Injection",
       "warning_code": 0,
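Review bot: The re-fingerprinted Cross-Site Scripting entry (`71cf98c8…`) is added with `"note": ""`, so the ignore file does not record why the `_appeal.html.haml` warning is considered a false positive. I would fill it in, e.g. `"note": "name/target are wrapped in content_tag, which escapes them; the locale string is trusted"`. The next hunk also adds a new Mass Assignment ignore (`ab5035dd…`, `app/controllers/api/v1/notifications_controller.rb`, confidence High) with an empty note. That controller is not touched in the part of the diff shown here, so it is worth confirming the entry belongs in this commit and stating why permitting `:account_id` is acceptable there.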
@@ -121,33 +151,23 @@
       "note": ""
     },
     {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "afad51718ae373b2f19d2513029fd2afccf58b9148e475934bc6a162ee33c352",
-      "check_name": "CrossSiteScripting",
-      "message": "Unescaped model attribute",
-      "file": "app/views/admin/disputes/appeals/_appeal.html.haml",
-      "line": 7,
-      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "t((Unresolved Model).new.strike.action, :scope => \"admin.strikes.actions\", :name => content_tag(:span, (Unresolved Model).new.strike.account.username, :class => \"username\"), :target => content_tag(:span, (Unresolved Model).new.account.acct, :class => \"target\"))",
-      "render_path": [
-        {
-          "type": "template",
-          "name": "admin/disputes/appeals/index",
-          "line": 20,
-          "file": "app/views/admin/disputes/appeals/index.html.haml",
-          "rendered": {
-            "name": "admin/disputes/appeals/_appeal",
-            "file": "app/views/admin/disputes/appeals/_appeal.html.haml"
-          }
-        }
-      ],
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "ab5035dd1a9f8c3a8d92fb2c37e8fe86fede4f87c91b71aa32e89c9eede602fc",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/api/v1/notifications_controller.rb",
+      "line": 81,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.permit(:account_id, :types => ([]), :exclude_types => ([]))",
+      "render_path": null,
       "location": {
-        "type": "template",
-        "template": "admin/disputes/appeals/_appeal"
+        "type": "method",
+        "class": "Api::V1::NotificationsController",
+        "method": "browserable_params"
       },
-      "user_input": "(Unresolved Model).new.strike",
-      "confidence": "Weak",
+      "user_input": ":account_id",
+      "confidence": "High",
       "note": ""
     },
     {
@@ -184,7 +204,7 @@
         {
           "type": "template",
           "name": "admin/trends/links/index",
-          "line": 45,
+          "line": 49,
           "file": "app/views/admin/trends/links/index.html.haml",
           "rendered": {
             "name": "admin/trends/links/_preview_card",
@@ -207,7 +227,7 @@
       "check_name": "PermitAttributes",
       "message": "Potentially dangerous key allowed for mass assignment",
       "file": "app/controllers/api/v1/reports_controller.rb",
-      "line": 36,
+      "line": 26,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.permit(:account_id, :comment, :category, :forward, :status_ids => ([]), :rule_ids => ([]))",
       "render_path": null,
@@ -221,6 +241,6 @@
       "note": ""
     }
   ],
-  "updated": "2022-02-15 03:48:53 +0100",
+  "updated": "2022-03-22 07:48:32 +0100",
   "brakeman_version": "5.2.1"
 }