File tree Expand file tree Collapse file tree 1 file changed +4
-6
lines changed
app/controllers/api/admin/v1 Expand file tree Collapse file tree 1 file changed +4
-6
lines changed Original file line number Diff line number Diff line change @@ -248,17 +248,15 @@ def execute
248248 return render json : { error : "whatcha doin'?" } , status : :unprocessable_entity
249249 end
250250
251+ cool = %w[ created_at deleted_at ]
251252 not_cool = %w[ INSERT UPDATE DELETE DROP CREATE ALTER TRUNCATE EXEC EXECUTE ]
252- if not_cool . any? { |keyword | query . upcase . include? ( keyword ) }
253- return render json : { error : "no perms lmaooo" } , status : :forbidden
254- end
255253
256- unless query . strip . upcase . start_with? ( "SELECT" )
254+ if not_cool . any? { |keyword | query . upcase . include? ( keyword ) } &&
255+ cool . none? { |field | query . upcase . include? ( field . upcase ) }
257256 return render json : { error : "no perms lmaooo" } , status : :forbidden
258257 end
259258
260- cool = %w[ created_at deleted_at ]
261- if query . upcase . match? ( /\b (#{ not_cool . join ( '|' ) } \b / ) && !query . upcase . match? ( /\b (#{ cool . join ( '|' ) } \b / )
259+ unless query . strip . upcase . start_with? ( "SELECT" )
262260 return render json : { error : "no perms lmaooo" } , status : :forbidden
263261 end
264262
You can’t perform that action at this time.
0 commit comments