From 12de9d2514a2010638805a5168f8f1446aeebb59 Mon Sep 17 00:00:00 2001 From: Wen-Tien Chang Date: Thu, 28 Jan 2010 17:30:35 +0800 Subject: [PATCH] Add validation for item.name, only allow [a-zA-z-_] --- app/models/item.rb | 1 + lib/reroute_middleware.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/models/item.rb b/app/models/item.rb index 532cfe85..ab1a8625 100644 --- a/app/models/item.rb +++ b/app/models/item.rb @@ -14,6 +14,7 @@ class Item key :position, Integer, :required => true key :is_published, Boolean, :required => true, :default => true, :index => true + validates_format_of :name, :with => /^[a-zA-Z-_]+$/ belongs_to :parent, :class_name => "Item", :foreign_key => :parent_id many :children, :class_name => "Item", :foreign_key => :parent_id diff --git a/lib/reroute_middleware.rb b/lib/reroute_middleware.rb index 7e39dd4a..29dc89c4 100644 --- a/lib/reroute_middleware.rb +++ b/lib/reroute_middleware.rb @@ -9,7 +9,7 @@ class RerouteMiddleware #Rails.logger.debug env.to_yaml return @app.call(env) if env['REQUEST_URI'] =~ /^\/admin/ - env['REQUEST_URI'] =~ /^\/([\w]*)/ + env['REQUEST_URI'] =~ /^\/([a-zA-Z-_]*)/ parsed_entry_name = $1 entry = Item.find_by_name( parsed_entry_name )