authorPatrick J Cherry <patrick@bytemark.co.uk>2011-08-19 16:28:37 +0100
committerPatrick J Cherry <patrick@bytemark.co.uk>2011-08-19 16:28:37 +0100
commitcdb78656916abe5adb946a25b913cda7785a42de (patch)
tree0f656d639868c2ac8d8a14a5370ab8f2263092dc /lib/mauve/alert.rb
parent8d209c0f6a1b3c47f9bc55b6f63cb14bfa935162 (diff)
HTML now sanitised on save.
Added History tests. Default polling interval now 5s, 0s for Timer/UDPServer. Fixed note entry for alert page.
Diffstat (limited to 'lib/mauve/alert.rb')
-rw-r--r--lib/mauve/alert.rb38
1 files changed, 29 insertions, 9 deletions
diff --git a/lib/mauve/alert.rb b/lib/mauve/alert.rb
index bf47d34..eb5f11b 100644
--- a/lib/mauve/alert.rb
+++ b/lib/mauve/alert.rb
@@ -82,6 +82,7 @@ module Mauve
has 1, :alert_earliest_date
+ before :save, :do_sanitize_html
before :save, :take_copy_of_changes
after :save, :notify_if_needed
@@ -164,6 +165,26 @@ module Mauve
protected
#
+ # This cleans the HTML before saving.
+ #
+ def do_sanitize_html
+ html_permitted_in = [:detail]
+
+ attributes.each do |key, val|
+ next if html_permitted_in.include?(key)
+ next unless val.is_a?(String)
+
+ attribute_set(key, Alert.remove_html(val))
+ end
+
+ html_permitted_in.each do |key|
+ val = attribute_get(key)
+ next unless val.is_a?(String)
+ attribute_set(key, Alert.clean_html(val))
+ end
+ end
+
+ #
# This allows us to take a copy of the changes before we save.
#
def take_copy_of_changes
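Review bot: `do_sanitize_html` is now the only place subject and summary lose their HTML, since the later hunks drop the explicit `Alert.remove_html`/`Alert.clean_html` calls, so any write that skips `before :save` hooks stores the text unfiltered. DataMapper's bang methods (`save!`, `update!`) bypass hooks, so callers of those on Alert should be checked, and templates should keep escaping on output rather than trusting stored values. The header comment could record this: `# Runs on every save; strips HTML from all String attributes except those in html_permitted_in, which are cleaned instead. Not run by save!/update!.` The allow-list would also read better as a frozen constant, `HTML_PERMITTED_IN = [:detail].freeze`, than as a local rebuilt on each call. Whether `remove_html` and `clean_html` are idempotent is not visible here; since they now run on every save of every row, that is worth confirming.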
@@ -435,7 +456,8 @@ module Mauve
time_offset = (reception_time - transmission_time).round
#
- # Make sure there is no HTML in the update source.
+ # Make sure there is no HTML in the update source. Need to do this
+ # here because we use the html-free version in the database save hook.
#
update.source = Alert.remove_html(update.source)
@@ -457,8 +479,9 @@ module Mauve
end
#
- # Make sure there's no HTML in the ID... paranoia. The rest of the
- # HTML removal is done elsewhere.
+ # Make sure there's no HTML in the ID -- we need to do this here
+ # because of the database save hook will clear it out, causing this
+ # search to fail.
#
alert.id = Alert.remove_html(alert.id)
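Review bot: The reworded comment above `alert.id = Alert.remove_html(alert.id)` is hard to parse ("because of the database save hook will clear it out"). Suggested wording: `# Strip HTML from the ID before the lookup: the save hook stores the stripped form, so an unstripped ID would never match.` The same reasoning appears to apply to the `update.source` line in the previous hunk, whose comment could use matching wording. The enclosing method starts and ends outside both hunks.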
@@ -503,7 +526,7 @@ module Mauve
# Set the subject
#
if alert.subject and !alert.subject.empty?
- alert_db.subject = Alert.remove_html(alert.subject)
+ alert_db.subject = alert.subject
elsif alert_db.subject.nil?
#
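Review bot: After this change `alert_db.subject` (and `alert_db.summary` and `alert_db.detail` in the next hunk) hold the sender's raw text until the save hook runs, so anything in this method that reads them before `save` — logging, comparison with the stored value, notification text — would see unfiltered HTML. The rest of the method is outside the hunk, so this cannot be checked from here. A comment at the assignment would record the dependency: `# HTML is stripped in the before :save hook (do_sanitize_html); the value is raw until then.`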
@@ -512,12 +535,9 @@ module Mauve
alert_db.subject = alert_db.source
end
- alert_db.summary = Alert.remove_html(alert.summary) if alert.summary && !alert.summary.empty?
+ alert_db.summary = alert.summary if alert.summary && !alert.summary.empty?
- #
- # The detail can be HTML -- scrub out unwanted parts.
- #
- alert_db.detail = Alert.clean_html(alert.detail) if alert.detail && !alert.detail.empty?
+ alert_db.detail = alert.detail if alert.detail && !alert.detail.empty?
alert_db.importance = alert.importance if alert.importance != 0