mirror of
https://github.com/discourse/discourse.git
synced 2025-02-25 18:55:32 -06:00
7b53e610c1
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
30 lines
702 B
Ruby
30 lines
702 B
Ruby
# frozen_string_literal: true
|
|
|
|
module PageObjects
|
|
module Pages
|
|
class AdminWatchedWords < PageObjects::Pages::Base
|
|
def visit
|
|
page.visit "admin/customize/watched_words"
|
|
self
|
|
end
|
|
|
|
def add_word(word)
|
|
ww = page.find("#watched-words")
|
|
ww.find("#watched-words-header").click
|
|
ww.find(".filter-input").send_keys(word)
|
|
ww.find(".select-kit-row").click
|
|
|
|
page.find(".watched-words-detail .btn-primary").click
|
|
end
|
|
|
|
def has_word?
|
|
has_css?(".watched-words-detail .show-words-checkbox")
|
|
end
|
|
|
|
def has_error?(error)
|
|
has_css?(".dialog-container .dialog-body", text: error)
|
|
end
|
|
end
|
|
end
|
|
end
|