mirror of
https://github.com/mastodon/mastodon
synced 2024-11-27 06:18:17 +09:00
Fix being able to retrieve unusable hashtags through the API
This commit is contained in:
parent
3939352e92
commit
8733975f13
@ -29,5 +29,7 @@ class Api::V1::TagsController < Api::BaseController
|
||||
return not_found unless Tag::HASHTAG_NAME_RE.match?(params[:id])
|
||||
|
||||
@tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id])
|
||||
|
||||
not_found unless @tag.usable?
|
||||
end
|
||||
end
|
||||
|
@ -19,7 +19,7 @@ class Api::V1::Timelines::TagController < Api::V1::Timelines::BaseController
|
||||
end
|
||||
|
||||
def load_tag
|
||||
@tag = Tag.find_normalized(params[:id])
|
||||
@tag = Tag.usable.find_normalized(params[:id])
|
||||
end
|
||||
|
||||
def load_statuses
|
||||
|
@ -13,6 +13,8 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
).freeze
|
||||
|
||||
class Query
|
||||
attr_reader :keywords
|
||||
|
||||
def initialize(clauses, options = {})
|
||||
raise ArgumentError if options[:current_account].nil?
|
||||
|
||||
@ -20,6 +22,7 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
@options = options
|
||||
|
||||
flags_from_clauses!
|
||||
keywords_from_clauses!
|
||||
end
|
||||
|
||||
def request
|
||||
@ -42,6 +45,10 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
@flags = clauses_by_operator.fetch(:flag, []).to_h { |clause| [clause.prefix, clause.term] }
|
||||
end
|
||||
|
||||
def keywords_from_clauses!
|
||||
@keywords = must_clauses.flat_map(&:keywords).uniq
|
||||
end
|
||||
|
||||
def must_clauses
|
||||
clauses_by_operator.fetch(:must, [])
|
||||
end
|
||||
@ -128,6 +135,10 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
{ multi_match: { type: 'most_fields', query: @term, fields: ['text', 'text.stemmed'], operator: 'and' } }
|
||||
end
|
||||
end
|
||||
|
||||
def keywords
|
||||
@term.split
|
||||
end
|
||||
end
|
||||
|
||||
class PhraseClause
|
||||
@ -141,6 +152,10 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
def to_query
|
||||
{ match_phrase: { text: { query: @phrase } } }
|
||||
end
|
||||
|
||||
def keywords
|
||||
@phrase.split
|
||||
end
|
||||
end
|
||||
|
||||
class PrefixClause
|
||||
@ -193,6 +208,10 @@ class SearchQueryTransformer < Parslet::Transform
|
||||
end
|
||||
end
|
||||
|
||||
def keywords
|
||||
[]
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def account_id_from_term(term)
|
||||
|
@ -25,6 +25,8 @@ class StatusesSearchService < BaseService
|
||||
private
|
||||
|
||||
def status_search_results
|
||||
return [] if contains_forbidden_terms?
|
||||
|
||||
request = parsed_query.request
|
||||
results = request.collapse(field: :id).order(id: { order: :desc }).limit(@limit).offset(@offset).objects.compact
|
||||
account_ids = results.map(&:account_id)
|
||||
@ -37,7 +39,7 @@ class StatusesSearchService < BaseService
|
||||
end
|
||||
|
||||
def parsed_query
|
||||
SearchQueryTransformer.new.apply(SearchQueryParser.new.parse(@query), current_account: @account)
|
||||
@parsed_query ||= SearchQueryTransformer.new.apply(SearchQueryParser.new.parse(@query), current_account: @account)
|
||||
end
|
||||
|
||||
def convert_deprecated_options!
|
||||
@ -60,4 +62,8 @@ class StatusesSearchService < BaseService
|
||||
|
||||
@query = "#{@query} #{syntax_options.join(' ')}".strip if syntax_options.any?
|
||||
end
|
||||
|
||||
def contains_forbidden_terms?
|
||||
Tag.where(usable: false).matching_name(parsed_query.keywords).exists?
|
||||
end
|
||||
end
|
||||
|
@ -41,7 +41,7 @@ class TagSearchService < BaseService
|
||||
|
||||
normalized_query = Tag.normalize(@query)
|
||||
exact_match = results.find { |tag| tag.name.downcase == normalized_query }
|
||||
exact_match ||= Tag.find_normalized(normalized_query)
|
||||
exact_match ||= Tag.listable.find_normalized(normalized_query)
|
||||
unless exact_match.nil?
|
||||
results.delete(exact_match)
|
||||
results = [exact_match] + results
|
||||
|
Loading…
Reference in New Issue
Block a user