Skip to content

Commit

Permalink
fix(xss): sanitize parameters (#829)
Browse files Browse the repository at this point in the history
  • Loading branch information
mhenrixon authored Feb 5, 2024
1 parent 6e367f7 commit ec3afd9
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions lib/sidekiq_unique_jobs/web.rb
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ def self.registered(app) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
end

app.get "/changelogs" do
@filter = params[:filter] || "*"
@filter = h(params[:filter] || "*")
@filter = "*" if @filter == ""
@count = (params[:count] || 100).to_i
@current_cursor = params[:cursor].to_i
@prev_cursor = params[:prev_cursor].to_i
@count = h(params[:count] || 100).to_i
@current_cursor = h(params[:cursor]).to_i
@prev_cursor = h(params[:prev_cursor]).to_i
@total_size, @next_cursor, @changelogs = changelog.page(
cursor: @current_cursor,
pattern: @filter,
Expand All @@ -33,11 +33,11 @@ def self.registered(app) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
end

app.get "/locks" do
@filter = params[:filter] || "*"
@filter = h(params[:filter]) || "*"
@filter = "*" if @filter == ""
@count = (params[:count] || 100).to_i
@current_cursor = params[:cursor].to_i
@prev_cursor = params[:prev_cursor].to_i
@count = h(params[:count] || 100).to_i
@current_cursor = h(params[:cursor]).to_i
@prev_cursor = h(params[:prev_cursor]).to_i

@total_size, @next_cursor, @locks = digests.page(
cursor: @current_cursor,
Expand All @@ -49,11 +49,11 @@ def self.registered(app) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
end

app.get "/expiring_locks" do
@filter = params[:filter] || "*"
@filter = h(params[:filter]) || "*"
@filter = "*" if @filter == ""
@count = (params[:count] || 100).to_i
@current_cursor = params[:cursor].to_i
@prev_cursor = params[:prev_cursor].to_i
@count = h(params[:count] || 100).to_i
@current_cursor = h(params[:cursor]).to_i
@prev_cursor = h(params[:prev_cursor]).to_i

@total_size, @next_cursor, @locks = expiring_digests.page(
cursor: @current_cursor,
Expand All @@ -71,20 +71,20 @@ def self.registered(app) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
end

app.get "/locks/:digest" do
@digest = params[:digest]
@digest = h(params[:digest])
@lock = SidekiqUniqueJobs::Lock.new(@digest)

erb(unique_template(:lock))
end

app.get "/locks/:digest/delete" do
digests.delete_by_digest(params[:digest])
expiring_digests.delete_by_digest(params[:digest])
digests.delete_by_digest(h(params[:digest]))
expiring_digests.delete_by_digest(h(params[:digest]))
redirect_to :locks
end

app.get "/locks/:digest/jobs/:job_id/delete" do
@digest = params[:digest]
@digest = h(params[:digest])
@lock = SidekiqUniqueJobs::Lock.new(@digest)
@lock.unlock(params[:job_id])

Expand Down

0 comments on commit ec3afd9

Please # to comment.