diff --git a/app/controllers/calendars_controller.rb b/app/controllers/calendars_controller.rb
index a431cf3..4083e2b 100644
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -58,6 +58,9 @@ class CalendarsController < ApplicationController
   end
   def events
+    if !(valid_timestamp?(params[:start]) && valid_timestamp?(params[:end]))
+      return render json: {}, status: :unprocessable_entity
+    end
     page = Page.find_by(:page_id => params[:page_id]) rescue nil
     events =[]
     locale = params[:locale]||I18n.locale
@@ -83,8 +86,11 @@ class CalendarsController < ApplicationController
       end
     end
-
+
   def index_agenda
+    if !(valid_timestamp?(params[:unix_start]) && valid_timestamp?(params[:unix_end]))
+      return render json: {}, status: :unprocessable_entity
+    end
     locale = params[:locale]||I18n.locale
     locale = 'zh_tw' if locale == 'zh_cn'
     I18n.with_locale(locale) do
@@ -114,6 +120,9 @@ class CalendarsController < ApplicationController
   end
   def agenda
+    if !(valid_timestamp?(params[:unix_start]) && valid_timestamp?(params[:unix_end]))
+      return render json: {}, status: :unprocessable_entity
+    end
     locale = params[:locale]||I18n.locale
     locale = 'zh_tw' if locale == 'zh_cn'
     I18n.with_locale(locale) do
@@ -129,6 +138,7 @@ class CalendarsController < ApplicationController
       calendar_types = []
       tags = []
     end
+
     if params[:unix_start].present? && params[:unix_end].present?
       agenda_start = Time.at(params[:unix_start].to_i).utc
       agenda_end = Time.at(params[:unix_end].to_i).utc
@@ -156,16 +166,17 @@ class CalendarsController < ApplicationController
       "
     end.join("\n")
   end
+
+  private
+  def valid_timestamp?(number)
+    begin
+      # Ensure the input is numeric and within a practical range
+      number = Integer(number) rescue Float(number)
+      min_timestamp = Time.new(1900, 1, 1).to_i
+      max_timestamp = Time.new(3000, 12, 31).to_i
+      number >= min_timestamp && number <= max_timestamp
+    rescue ArgumentError, TypeError
+      false
+    end
+  end
 end
-
-
-
-
-
-
-
-
-
-
-
-
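Review bot: The new guard at the top of `events` (and the identical guards added to `index_agenda` and `agenda` in the next two hunks) turns an absent range into a 422, because `valid_timestamp?` returns false for nil — both `Integer(nil)` and `Float(nil)` raise TypeError. In `agenda` that contradicts the `params[:unix_start].present? && params[:unix_end].present?` branch a later hunk still keeps, which only makes sense if the range was optional there; whether `events` and `index_agenda` also served requests without a range cannot be seen here, since their bodies continue outside the hunk. If optional ranges are meant to keep working, validate only supplied values, e.g. `unless [params[:start], params[:end]].all? { |v| v.nil? || valid_timestamp?(v) }`; otherwise the `.present?` check in `agenda` is now dead code and should go. Stylistically the negated `if !(a && b)` block reads better as a modifier guard: `return render(json: {}, status: :unprocessable_entity) unless valid_timestamp?(params[:start]) && valid_timestamp?(params[:end])`.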
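Review bot: `valid_timestamp?` validates a different value than the one the actions use: it accepts anything `Integer()` or `Float()` parses — `"0x10"`, `"0b1"`, `"1e9"`, `"12.5"` — while `agenda` later does `Time.at(params[:unix_start].to_i)`, and `String#to_i` reads those as 0, 0, 1 and 12, so the 1900–3000 range check says nothing about the timestamp actually passed to `Time.at`. Parsing with an explicit base 10 and no Float fallback makes the check match the use site (or, better, have the actions use the parsed integer rather than calling `#to_i` again). The `begin`/`end` around the whole body is redundant in a method with its own `rescue`, and the two `Time.new(...)` bounds can be frozen constants instead of being rebuilt on every call. The `rescue Float(number)` modifier also masks which of the two parses failed, which makes the outer `rescue ArgumentError, TypeError` harder to reason about.
```ruby
  MIN_TIMESTAMP = Time.new(1900, 1, 1).to_i
  MAX_TIMESTAMP = Time.new(3000, 12, 31).to_i
  private_constant :MIN_TIMESTAMP, :MAX_TIMESTAMP

  # … unchanged: events / index_agenda / agenda …

  private

  # True when +number+ is a base-10 integer (String or Integer) within the practical
  # range; nil, floats and non-decimal literals are rejected, matching how the actions
  # convert the same params with #to_i.
  def valid_timestamp?(number)
    Integer(number.to_s, 10).between?(MIN_TIMESTAMP, MAX_TIMESTAMP)
  rescue ArgumentError, TypeError
    false
  end
```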