Skip to content

FEATURE: Can edit category/host relationships for embedding#10

Open
everettbu wants to merge 1 commit into
rest-serializer-enhancement-prefrom
rest-serializer-enhancement-post
Open

FEATURE: Can edit category/host relationships for embedding#10
everettbu wants to merge 1 commit into
rest-serializer-enhancement-prefrom
rest-serializer-enhancement-post

Conversation

@everettbu

@everettbu everettbu commented Jul 26, 2025

Copy link
Copy Markdown
Contributor

Test 10

graphite-app[bot]
graphite-app Bot reviewed Jul 28, 2025
View reviewed changes
Comment thread db/migrate/20150818190757_create_embeddable_hosts.rb
Comment on lines +24 to +25
records.each do |h|
execute "INSERT INTO embeddable_hosts (host, category_id, created_at, updated_at) VALUES ('#{h}', #{category_id}, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)"

@graphite-app graphite-app Bot Jul 28, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This SQL query is vulnerable to injection attacks because it directly interpolates user-provided values into the query string. Consider using parameterized queries instead:

execute "INSERT INTO embeddable_hosts (host, category_id, created_at, updated_at) VALUES (?, ?, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)", h, category_id

This approach properly sanitizes the inputs and prevents potential SQL injection vulnerabilities.

Suggested change
records.each do |h|
execute "INSERT INTO embeddable_hosts (host, category_id, created_at, updated_at) VALUES ('#{h}', #{category_id}, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)"
records.each do |h|
execute "INSERT INTO embeddable_hosts (host, category_id, created_at, updated_at) VALUES (?, ?, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)", h, category_id

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

Comment thread spec/fabricators/category_fabricator.rb
Comment on lines +1 to 4
Fabricator(:embeddable_host) do
host "eviltrout.com"
category
end

@graphite-app graphite-app Bot Jul 28, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears that the contents of spec/fabricators/category_fabricator.rb and spec/fabricators/embeddable_host_fabricator.rb have been swapped. This file should contain the Category fabricators, while the EmbeddableHost fabricator should be in the other file. This swap needs to be corrected to maintain proper organization of the test fixtures.

Suggested change
Fabricator(:embeddable_host) do
host "eviltrout.com"
category
end
Fabricator(:category) do
name { sequence(:name) { |i| "Amazing Category #{i}" } }
user
end

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

@github-actions

github-actions Bot commented Sep 27, 2025

Copy link
Copy Markdown

This pull request has been automatically marked as stale because it has been open for 60 days with no activity. To keep it open, remove the stale tag, push code, or add a comment. Otherwise, it will be closed in 14 days.

@github-actions github-actions Bot added the Stale label Sep 27, 2025
This was referenced Nov 14, 2025
Closed
Open
@ShashankFC ShashankFC mentioned this pull request Jan 5, 2026
Open
mfeuerstein
mfeuerstein reviewed Apr 10, 2026
View reviewed changes

@mfeuerstein mfeuerstein left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Review — approved

Reviewed 30 files. 0 high-severity issues found. Verdict: approved.

app/assets/javascripts/admin/templates/customize.hbs (low)

  • Reviewed app/assets/javascripts/admin/templates/customize.hbs — looks good

app/assets/javascripts/admin/templates/embedding.hbs (low)

  • Reviewed app/assets/javascripts/admin/templates/embedding.hbs — looks good

app/assets/javascripts/admin/adapters/embedding.js.es6 (low)

  • Reviewed app/assets/javascripts/admin/adapters/embedding.js.es6 — looks good

app/assets/javascripts/admin/routes/admin-route-map.js.es6 (low)

  • Reviewed app/assets/javascripts/admin/routes/admin-route-map.js.es6 — looks good

app/assets/javascripts/admin/controllers/admin-embedding.js.es6 (low)

  • Reviewed app/assets/javascripts/admin/controllers/admin-embedding.js.es6 — looks good

app/assets/javascripts/admin/templates/components/embeddable-host.hbs (low)

  • Reviewed app/assets/javascripts/admin/templates/components/embeddable-host.hbs — looks good

app/assets/javascripts/discourse/models/store.js.es6 (low)

  • Reviewed app/assets/javascripts/discourse/models/store.js.es6 — looks good

app/controllers/admin/embeddable_hosts_controller.rb (low)

  • Reviewed app/controllers/admin/embeddable_hosts_controller.rb — looks good

app/controllers/admin/embedding_controller.rb (low)

  • Reviewed app/controllers/admin/embedding_controller.rb — looks good

app/assets/javascripts/admin/routes/admin-embedding.js.es6 (low)

  • Reviewed app/assets/javascripts/admin/routes/admin-embedding.js.es6 — looks good

app/assets/javascripts/admin/components/embeddable-host.js.es6 (low)

  • Reviewed app/assets/javascripts/admin/components/embeddable-host.js.es6 — looks good

app/assets/javascripts/discourse/adapters/rest.js.es6 (low)

  • Reviewed app/assets/javascripts/discourse/adapters/rest.js.es6 — looks good

app/models/site_setting.rb (low)

  • Reviewed app/models/site_setting.rb — looks good

app/models/topic_embed.rb (low)

  • Reviewed app/models/topic_embed.rb — looks good

app/models/topic.rb (low)

  • Reviewed app/models/topic.rb — looks good

config/locales/client.en.yml (low)

  • Reviewed config/locales/client.en.yml — looks good

app/serializers/embedding_serializer.rb (low)

  • Reviewed app/serializers/embedding_serializer.rb — looks good

app/controllers/embed_controller.rb (low)

  • Reviewed app/controllers/embed_controller.rb — looks good

app/models/embeddable_host.rb (low)

  • Reviewed app/models/embeddable_host.rb — looks good

app/serializers/embeddable_host_serializer.rb (low)

  • Reviewed app/serializers/embeddable_host_serializer.rb — looks good

config/routes.rb (low)

  • Reviewed config/routes.rb — looks good

spec/controllers/admin/embedding_controller_spec.rb (low)

  • Reviewed spec/controllers/admin/embedding_controller_spec.rb — looks good

config/site_settings.yml (low)

  • Reviewed config/site_settings.yml — looks good

config/locales/server.en.yml (low)

  • Reviewed config/locales/server.en.yml — looks good

lib/topic_retriever.rb (low)

  • Reviewed lib/topic_retriever.rb — looks good

spec/controllers/admin/embeddable_hosts_controller_spec.rb (low)

  • Reviewed spec/controllers/admin/embeddable_hosts_controller_spec.rb — looks good

db/migrate/20150818190757_create_embeddable_hosts.rb (low)

  • Reviewed db/migrate/20150818190757_create_embeddable_hosts.rb — looks good

spec/fabricators/embeddable_host_fabricator.rb (low)

  • Reviewed spec/fabricators/embeddable_host_fabricator.rb — looks good

spec/fabricators/category_fabricator.rb (low)

  • Reviewed spec/fabricators/category_fabricator.rb — looks good

spec/controllers/embed_controller_spec.rb (low)

  • Reviewed spec/controllers/embed_controller_spec.rb — looks good

@khaliqgant khaliqgant mentioned this pull request May 15, 2026
Open
@amznUjjwalpa amznUjjwalpa mentioned this pull request May 21, 2026
Open
@amznUjjwalpa amznUjjwalpa mentioned this pull request Jun 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

+1 more reviewer

@mfeuerstein mfeuerstein mfeuerstein left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@everettbu @mfeuerstein @eviltrout