Migrate `form_tag` to `form_with` in admin and auth views (#30692)

main-rebase-security-fix
Matt Jankowski 2024-06-14 05:49:10 -04:00 committed by GitHub
parent a7264a2b42
commit 8d5ed19c6d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 122 additions and 69 deletions


@ -1,30 +1,30 @@
- content_for :page_title do
= t('admin.accounts.title')
= form_tag admin_accounts_url, method: 'GET', class: 'simple_form' do
= form_with url: admin_accounts_url, method: :get, class: :simple_form do |form|
.filters
.filter-subset.filter-subset--with-select
%strong= t('admin.accounts.location.title')
.input.select.optional
= select_tag :origin,
= form.select :origin,
options_for_select([[t('admin.accounts.location.local'), 'local'], [t('admin.accounts.location.remote'), 'remote']], params[:origin]),
prompt: I18n.t('generic.all')
.filter-subset.filter-subset--with-select
%strong= t('admin.accounts.moderation.title')
.input.select.optional
= select_tag :status,
= form.select :status,
options_for_select(admin_accounts_moderation_options, params[:status]),
prompt: I18n.t('generic.all')
.filter-subset.filter-subset--with-select
%strong= t('admin.accounts.role')
.input.select.optional
= select_tag :role_ids,
= form.select :role_ids,
options_from_collection_for_select(UserRole.assignable, :id, :name, params[:role_ids]),
prompt: I18n.t('admin.accounts.moderation.all')
.filter-subset.filter-subset--with-select
%strong= t 'generic.order_by'
.input.select
= select_tag :order,
= form.select :order,
options_for_select([[t('relationships.most_recent'), 'recent'], [t('relationships.last_active'), 'active']], params[:order])
.fields-group
@ -32,7 +32,10 @@
- next if key == :by_domain && params[:origin] != 'remote'
.input.string.optional
= text_field_tag key, params[key], class: 'string optional', placeholder: I18n.t("admin.accounts.#{key}")
= form.text_field key,
value: params[key],
class: 'string optional',
placeholder: I18n.t("admin.accounts.#{key}")
.actions
%button.button= t('admin.accounts.search')
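Review bot: Neither this `form_with` call nor the other GET filter forms in the commit (action logs, custom emojis, follow recommendations, instances, reports, trends links, trends statuses) pass `local: true`. Whether they submit as a normal navigation therefore depends on `config.action_view.form_with_generates_remote_forms`, which this page does not show. With Rails defaults older than 6.1, `form_with` adds `data-remote="true"`, which `form_tag` never did, so the filter request would go through rails-ujs as an XHR instead of reloading the list. If the app runs on 6.1+ defaults nothing needs to change; otherwise the opening line should read `= form_with url: admin_accounts_url, method: :get, local: true, class: :simple_form do |form|`.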


@ -1,19 +1,23 @@
- content_for :page_title do
= t('admin.action_logs.title')
= form_tag admin_action_logs_url, method: 'GET', class: 'simple_form' do
= form_with url: admin_action_logs_url, method: :get, class: :simple_form do |form|
= hidden_field_tag :target_account_id, params[:target_account_id] if params[:target_account_id].present?
.filters
.filter-subset.filter-subset--with-select
%strong= t('admin.action_logs.filter_by_user')
.input.select.optional
= select_tag :account_id, options_from_collection_for_select(@auditable_accounts, :id, :username, params[:account_id]), prompt: I18n.t('admin.accounts.moderation.all')
= form.select :account_id,
options_from_collection_for_select(@auditable_accounts, :id, :username, params[:account_id]),
prompt: I18n.t('admin.accounts.moderation.all')
.filter-subset.filter-subset--with-select
%strong= t('admin.action_logs.filter_by_action')
.input.select.optional
= select_tag :action_type, options_for_select(Admin::ActionLogFilter::ACTION_TYPE_MAP.keys.map { |key| [I18n.t("admin.action_logs.action_types.#{key}"), key] }, params[:action_type]), prompt: I18n.t('admin.accounts.moderation.all')
= form.select :action_type,
options_for_select(Admin::ActionLogFilter::ACTION_TYPE_MAP.keys.map { |key| [I18n.t("admin.action_logs.action_types.#{key}"), key] }, params[:action_type]),
prompt: I18n.t('admin.accounts.moderation.all')
- if @action_logs.empty?
.muted-hint.center-text
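Review bot: The `target_account_id` hidden field directly under the new `form_with` line is still built with `hidden_field_tag`. This form now mixes the builder with a tag helper, while the other files in the commit use `form.hidden_field` for the same pattern. Suggest `= form.hidden_field :target_account_id, value: params[:target_account_id] if params[:target_account_id].present?`; with no `model:` or `scope:` on the form, the submitted name stays `target_account_id`. The template continues past the end of this hunk.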


@ -21,14 +21,17 @@
- else
= filter_link_to t('admin.accounts.location.remote'), remote: '1', local: nil
= form_tag admin_custom_emojis_url, method: 'GET', class: 'simple_form' do
= form_with url: admin_custom_emojis_url, method: :get, class: :simple_form do |form|
.fields-group
- CustomEmojiFilter::KEYS.each do |key|
= hidden_field_tag key, params[key] if params[key].present?
= form.hidden_field key, value: params[key] if params[key].present?
- %i(shortcode by_domain).each do |key|
.input.string.optional
= text_field_tag key, params[key], class: 'string optional', placeholder: I18n.t("admin.custom_emojis.#{key}")
= form.text_field key,
value: params[key],
class: 'string optional',
placeholder: I18n.t("admin.custom_emojis.#{key}")
.actions
%button.button= t('admin.accounts.search')
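Review bot: The hidden-field loop over `CustomEmojiFilter::KEYS` and the text-field loop over `%i(shortcode by_domain)` can emit two inputs with the same name in one form if those keys are also in `KEYS`. The constant is not visible here, so that is an assumption to confirm. In that case the request carries the parameter twice and, by default, the builder gives both inputs the same DOM id. If so, restrict the first loop, e.g. `- (CustomEmojiFilter::KEYS - %i(shortcode by_domain)).each do |key|`. The instances and reports filter forms have the same two-loop shape with `InstanceFilter::KEYS` and `ReportFilter::KEYS`.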


@ -5,15 +5,15 @@
%hr.spacer/
= form_tag admin_follow_recommendations_path, method: 'GET', class: 'simple_form' do
= form_with url: admin_follow_recommendations_path, method: :get, class: :simple_form do |form|
- RelationshipFilter::KEYS.each do |key|
= hidden_field_tag key, params[key] if params[key].present?
= form.hidden_field key, value: params[key] if params[key].present?
.filters
.filter-subset.filter-subset--with-select
%strong= t('admin.follow_recommendations.language')
.input.select.optional
= select_tag :language,
= form.select :language,
options_for_select(Trends.available_locales.map { |key| [standard_locale_name(key), key] }, @language)
.filter-subset
%strong= t('admin.follow_recommendations.status')


@ -28,14 +28,17 @@
%li= filter_link_to t('admin.instances.delivery.unavailable'), availability: 'unavailable'
- unless limited_federation_mode?
= form_tag admin_instances_url, method: 'GET', class: 'simple_form' do
= form_with url: admin_instances_url, method: :get, class: :simple_form do |form|
.fields-group
- InstanceFilter::KEYS.each do |key|
= hidden_field_tag key, params[key] if params[key].present?
= form.hidden_field key, value: params[key] if params[key].present?
- %i(by_domain).each do |key|
.input.string.optional
= text_field_tag key, params[key], class: 'string optional', placeholder: I18n.t("admin.instances.#{key}")
= form.text_field key,
value: params[key],
class: 'string optional',
placeholder: I18n.t("admin.instances.#{key}")
.actions
%button.button= t('admin.accounts.search')


@ -1,4 +1,4 @@
= form_tag preview_admin_report_actions_path(report), method: :post do
= form_with url: preview_admin_report_actions_path(report) do |form|
.report-actions
.report-actions__item
.report-actions__item__button
@ -8,26 +8,36 @@
- if statuses.any? { |status| (status.with_media? || status.with_preview_card?) && !status.discarded? }
.report-actions__item
.report-actions__item__button
= button_tag t('admin.reports.mark_as_sensitive'), name: :mark_as_sensitive, class: 'button'
= form.button t('admin.reports.mark_as_sensitive'),
name: :mark_as_sensitive,
class: 'button'
.report-actions__item__description
= t('admin.reports.actions.mark_as_sensitive_description_html')
.report-actions__item
.report-actions__item__button
= button_tag t('admin.reports.delete_and_resolve'), name: :delete, class: 'button button--destructive'
= form.button t('admin.reports.delete_and_resolve'),
name: :delete,
class: 'button button--destructive'
.report-actions__item__description
= t('admin.reports.actions.delete_description_html')
.report-actions__item
.report-actions__item__button
= button_tag t('admin.accounts.silence'), name: :silence, class: 'button button--destructive'
= form.button t('admin.accounts.silence'),
name: :silence,
class: 'button button--destructive'
.report-actions__item__description
= t('admin.reports.actions.silence_description_html')
.report-actions__item
.report-actions__item__button
= button_tag t('admin.accounts.suspend'), name: :suspend, class: 'button button--destructive'
= form.button t('admin.accounts.suspend'),
name: :suspend,
class: 'button button--destructive'
.report-actions__item__description
= t('admin.reports.actions.suspend_description_html')
.report-actions__item
.report-actions__item__button
= link_to t('admin.accounts.custom'), new_admin_account_action_path(report.target_account_id, report_id: report.id), class: 'button'
= link_to t('admin.accounts.custom'),
new_admin_account_action_path(report.target_account_id, report_id: report.id),
class: 'button'
.report-actions__item__description
= t('admin.reports.actions.other_description_html')


@ -4,8 +4,8 @@
- content_for :page_title do
= t('admin.reports.confirm_action', acct: target_acct)
= form_tag admin_report_actions_path(@report), class: 'simple_form', method: :post do
= hidden_field_tag :moderation_action, @moderation_action
= form_with url: admin_report_actions_path(@report), class: :simple_form do |form|
= form.hidden_field :moderation_action, value: @moderation_action
%p.hint= t("admin.reports.summary.action_preambles.#{@moderation_action}_html", acct: target_acct)
%ul.hint
@ -30,7 +30,9 @@
%p= t "user_mailer.warning.explanation.#{warning_action}", instance: Rails.configuration.x.local_domain
.fields-group
= text_area_tag :text, nil, placeholder: t('admin.reports.summary.warning_placeholder')
= form.text_area :text,
value: nil,
placeholder: t('admin.reports.summary.warning_placeholder')
- unless @report.other?
%p
@ -75,4 +77,7 @@
.actions
= link_to t('admin.reports.cancel'), admin_report_path(@report), class: 'button button-tertiary'
= button_tag t('admin.reports.confirm'), name: :confirm, class: 'button', type: :submit
= form.button t('admin.reports.confirm'),
name: :confirm,
class: 'button',
type: :submit
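Review bot: `moderation_action` travels to the browser in a hidden field and comes back as ordinary form input, so the action receiving this POST has to re-check it against the allowed moderation actions rather than trust what the preview page rendered. That controller is not on this page, so confirm it does. A one-line HAML comment above the field would record the expectation, e.g. `-# client-editable: re-validated server-side on submit`. Separately, `value: nil` on `form.text_area :text` looks redundant because the builder has no model object to read a value from, and `type: :submit` is already the default for `form.button`.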


@ -14,14 +14,17 @@
%li= filter_link_to t('admin.accounts.location.local'), target_origin: 'local'
%li= filter_link_to t('admin.accounts.location.remote'), target_origin: 'remote'
= form_tag admin_reports_url, method: 'GET', class: 'simple_form' do
= form_with url: admin_reports_url, method: :get, class: :simple_form do |form|
.fields-group
- ReportFilter::KEYS.each do |key|
= hidden_field_tag key, params[key] if params[key].present?
= form.hidden_field key, value: params[key] if params[key].present?
- %i(by_target_domain).each do |key|
.input.string.optional
= text_field_tag key, params[key], class: 'string optional', placeholder: I18n.t("admin.reports.#{key}")
= form.text_field key,
value: params[key],
class: 'string optional',
placeholder: I18n.t("admin.reports.#{key}")
.actions
%button.button= t('admin.accounts.search')


@ -5,15 +5,15 @@
%hr.spacer/
= form_tag admin_trends_links_path, method: 'GET', class: 'simple_form' do
= form_with url: admin_trends_links_path, method: :get, class: :simple_form do |form|
- Trends::PreviewCardFilter::KEYS.each do |key|
= hidden_field_tag key, params[key] if params[key].present?
= form.hidden_field key, value: params[key] if params[key].present?
.filters
.filter-subset.filter-subset--with-select
%strong= t('admin.follow_recommendations.language')
.input.select.optional
= select_tag :locale,
= form.select :locale,
options_for_select(@locales.map { |key| [standard_locale_name(key), key] }, params[:locale]),
include_blank: true
.filter-subset


@ -5,15 +5,17 @@
%hr.spacer/
= form_tag admin_trends_statuses_path, method: 'GET', class: 'simple_form' do
= form_with url: admin_trends_statuses_path, method: :get, class: :simple_form do |form|
- Trends::StatusFilter::KEYS.each do |key|
= hidden_field_tag key, params[key] if params[key].present?
= form.hidden_field key, value: params[key] if params[key].present?
.filters
.filter-subset.filter-subset--with-select
%strong= t('admin.follow_recommendations.language')
.input.select.optional
= select_tag :locale, options_for_select(@locales.map { |key| [standard_locale_name(key), key] }, params[:locale]), include_blank: true
= form.select :locale,
options_for_select(@locales.map { |key| [standard_locale_name(key), key] }, params[:locale]),
include_blank: true
.filter-subset
%strong= t('admin.trends.trending')
%ul


@ -1,11 +1,13 @@
- content_for :page_title do
= t('auth.captcha_confirmation.title')
= form_tag auth_captcha_confirmation_url, method: 'POST', class: 'simple_form' do
= form_with url: auth_captcha_confirmation_url, class: :simple_form do |form|
= render 'auth/shared/progress', stage: 'confirm'
= hidden_field_tag :confirmation_token, params[:confirmation_token]
= hidden_field_tag :redirect_to_app, params[:redirect_to_app]
= form.hidden_field :confirmation_token,
value: params[:confirmation_token]
= form.hidden_field :redirect_to_app,
value: params[:redirect_to_app]
%h1.title= t('auth.captcha_confirmation.title')
%p.lead= t('auth.captcha_confirmation.hint_html')
@ -15,4 +17,6 @@
%p.lead= t('auth.captcha_confirmation.help_html', email: mail_to(Setting.site_contact_email, nil))
.actions
= button_tag t('challenge.confirm'), class: 'button', type: :submit
= form.button t('challenge.confirm'),
class: 'button',
type: :submit
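Review bot: `confirmation_token` and `redirect_to_app` are copied from the request parameters into hidden fields and posted back, so both are request-supplied on render and on submit. The controller handling this POST must validate them itself. In particular, `redirect_to_app` should only ever select a known destination and never be used as a redirect target as-is. The controller is not shown here, so this is something to confirm rather than a reported defect. Suggest a HAML comment above the two fields, `-# echoed from params; validated in the controller on submit`.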


@ -10,7 +10,10 @@
email: content_tag(:strong, @user.email),
settings_path: settings_preferences_notifications_path
= form_tag unsubscribe_path, method: :post do
= hidden_field_tag :token, params[:token]
= hidden_field_tag :type, params[:type]
= button_tag t('mail_subscriptions.unsubscribe.action'), type: :submit
= form_with url: unsubscribe_path do |form|
= form.hidden_field :token,
value: params[:token]
= form.hidden_field :type,
value: params[:type]
= form.button t('mail_subscriptions.unsubscribe.action'),
type: :submit


@ -21,18 +21,31 @@
= t(scope.access, scope: [:doorkeeper, :grouped_scopes, :access])
.actions
= form_tag oauth_authorization_path, method: :post do
= hidden_field_tag :client_id, @pre_auth.client.uid
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri
= hidden_field_tag :state, @pre_auth.state
= hidden_field_tag :response_type, @pre_auth.response_type
= hidden_field_tag :scope, @pre_auth.scope
= button_tag t('doorkeeper.authorizations.buttons.authorize'), type: :submit
= form_with url: oauth_authorization_path do |form|
= form.hidden_field :client_id,
value: @pre_auth.client.uid
= form.hidden_field :redirect_uri,
value: @pre_auth.redirect_uri
= form.hidden_field :state,
value: @pre_auth.state
= form.hidden_field :response_type,
value: @pre_auth.response_type
= form.hidden_field :scope,
value: @pre_auth.scope
= form.button t('doorkeeper.authorizations.buttons.authorize'),
type: :submit
= form_tag oauth_authorization_path, method: :delete do
= hidden_field_tag :client_id, @pre_auth.client.uid
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri
= hidden_field_tag :state, @pre_auth.state
= hidden_field_tag :response_type, @pre_auth.response_type
= hidden_field_tag :scope, @pre_auth.scope
= button_tag t('doorkeeper.authorizations.buttons.deny'), type: :submit, class: 'negative'
= form_with url: oauth_authorization_path, method: :delete do |form|
= form.hidden_field :client_id,
value: @pre_auth.client.uid
= form.hidden_field :redirect_uri,
value: @pre_auth.redirect_uri
= form.hidden_field :state,
value: @pre_auth.state
= form.hidden_field :response_type,
value: @pre_auth.response_type
= form.hidden_field :scope,
value: @pre_auth.scope
= form.button t('doorkeeper.authorizations.buttons.deny'),
type: :submit,
class: 'negative'
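Review bot: The authorize and deny forms each repeat the same five `form.hidden_field` calls, so a later edit to one list can leave the other out of step. Building both from one source keeps them identical: either a small partial that takes `form`, or a loop over a hash of the five name/value pairs. It is also worth a comment that both forms must stay free of `model:` and `scope:`. The fields are submitted with unprefixed names (`client_id`, `redirect_uri`, `state`, `response_type`, `scope`), which is presumably what the authorization endpoint reads.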