Disallow numeric-only hashtags (#11363)

* Add spec covering numeric-only hashtags

* Fix hashtag regex
main
ThibG 2019-07-19 23:22:35 +02:00 committed by Eugen Rochko
parent 650459f93c
commit c37c1da41e
2 changed files with 6 additions and 2 deletions

View File

@ -17,10 +17,10 @@ class Tag < ApplicationRecord
has_many :featured_tags, dependent: :destroy, inverse_of: :tag has_many :featured_tags, dependent: :destroy, inverse_of: :tag
has_one :account_tag_stat, dependent: :destroy has_one :account_tag_stat, dependent: :destroy
HASHTAG_NAME_RE = '[[:word:]_][[:word:]_]*[[:alpha:]_·]*[[:word:]_·]*[[:word:]_]' HASHTAG_NAME_RE = '([[:word:]_][[:word:]_·]*[[:alpha:]_·][[:word:]_·]*[[:word:]_])|([[:word:]_]*[[:alpha:]][[:word:]_]*)'
HASHTAG_RE = /(?:^|[^\/\)\w])#(#{HASHTAG_NAME_RE})/i HASHTAG_RE = /(?:^|[^\/\)\w])#(#{HASHTAG_NAME_RE})/i
validates :name, presence: true, uniqueness: true, format: { with: /\A#{HASHTAG_NAME_RE}\z/i } validates :name, presence: true, uniqueness: true, format: { with: /\A(#{HASHTAG_NAME_RE})\z/i }
scope :discoverable, -> { joins(:account_tag_stat).where(AccountTagStat.arel_table[:accounts_count].gt(0)).where(account_tag_stats: { hidden: false }).order(Arel.sql('account_tag_stats.accounts_count desc')) } scope :discoverable, -> { joins(:account_tag_stat).where(AccountTagStat.arel_table[:accounts_count].gt(0)).where(account_tag_stats: { hidden: false }).order(Arel.sql('account_tag_stats.accounts_count desc')) }
scope :hidden, -> { where(account_tag_stats: { hidden: true }) } scope :hidden, -> { where(account_tag_stats: { hidden: true }) }

View File

@ -69,6 +69,10 @@ RSpec.describe Tag, type: :model do
it 'does not match middle dots at the end' do it 'does not match middle dots at the end' do
expect(subject.match('hello #one·two·three·').to_s).to eq ' #one·two·three' expect(subject.match('hello #one·two·three·').to_s).to eq ' #one·two·three'
end end
it 'does not match purely-numeric hashtags' do
expect(subject.match('hello #0123456')).to be_nil
end
end end
describe '#to_param' do describe '#to_param' do