From 726931fe4a8202c64fd1a72a6043f80fe075fda7 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 20 Jul 2022 17:06:52 +0200 Subject: [PATCH] Fix /api/v1/tags/:id route constraints (#18854) The constraint was applied prior to decoding, and rejected anything containing the '%' character, which would be used for anything with non-ASCII unicode characters. --- app/controllers/api/v1/tags_controller.rb | 1 + config/routes.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/v1/tags_controller.rb b/app/controllers/api/v1/tags_controller.rb index d45015ff5a..9e5c53330a 100644 --- a/app/controllers/api/v1/tags_controller.rb +++ b/app/controllers/api/v1/tags_controller.rb @@ -24,6 +24,7 @@ class Api::V1::TagsController < Api::BaseController private def set_or_create_tag + return not_found unless /\A(#{Tag::HASHTAG_NAME_RE})\z/.match?(params[:id]) @tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id]) end end diff --git a/config/routes.rb b/config/routes.rb index 7a902b1f03..7dc9f391db 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -530,7 +530,7 @@ Rails.application.routes.draw do resource :note, only: :create, controller: 'accounts/notes' end - resources :tags, only: [:show], constraints: { id: /#{Tag::HASHTAG_NAME_RE}/ } do + resources :tags, only: [:show] do member do post :follow post :unfollow