Merge branch 'dev_aliyun' of http://bdgit.educoder.net/Hjqreturn/educoder into dev_aliyun

app/controllers/schools_controller.rb

@@ -11,6 +11,10 @@ class SchoolsController < ApplicationController
   end
 
   def for_option
-    render_ok(schools: School.select(:id, :name).as_json)
+    schools = School.all
+    keyword = params[:keyword].to_s.strip
+    schools = schools.where('name LIKE ?', "%#{keyword}%") if keyword
+
+    render_ok(schools: schools.select(:id, :name).as_json)
   end
 end

app/controllers/weapps/check_accounts_controller.rb

@@ -0,0 +1,38 @@
+class Weapps::CheckAccountsController < Weapps::BaseController
+  def create
+    params[:type] == 'register' ? check_can_register : check_can_bind
+  end
+
+  private
+
+  def check_can_bind
+    if params[:login] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
+      user = User.find_by(mail: params[:login])
+      return render_error('该邮箱尚未注册') if user.blank?
+    elsif params[:login] =~ /^1\d{10}$/
+      user = User.find_by(phone: params[:login])
+      return render_error('该手机号尚未注册') if user.blank?
+    else
+      user = User.find_by(login: params[:login])
+      return render_error('该账号尚未注册') if user.blank?
+    end
+
+    return render_error('该账号已经绑定') if user.wechat_open_user.present?
+
+    render_ok
+  end
+
+  def check_can_register
+    if params[:login] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
+      user = User.find_by(mail: params[:login])
+      return render_error('该邮箱已注册') if user.present?
+    elsif params[:login] =~ /^1\d{10}$/
+      user = User.find_by(phone: params[:login])
+      return render_error('该手机号已注册') if user.present?
+    else
+      return render_error('请输入正确的邮箱或手机号')
+    end
+
+    render_ok
+  end
+end

app/helpers/application_helper.rb

@@ -15,6 +15,17 @@ module ApplicationHelper
     EduSetting.get(name)
   end
 
+  # xss共计问题
+  def content_safe content
+    tags = %w(
+        a abbr b bdo blockquote br caption cite code col colgroup dd del dfn dl
+        dt em figcaption figure h1 h2 h3 h4 h5 h6 hgroup i img ins kbd li mark
+        ol p pre q rp rt ruby s samp small strike strong sub sup table tbody td
+        tfoot th thead time tr u ul var wbr div span
+        )
+    sanitize content, tags: tags
+  end
+
   def graduation_navigation graduation
     graduation.class.to_s == "GraduationTopic" ? "毕设选题" : "毕设任务"
   end

app/services/admins/import_course_member_service.rb

@@ -36,7 +36,7 @@ class Admins::ImportCourseMemberService < ApplicationService
 
     member = course.course_members.find_by(user_id: user.id, role: data.role.to_i)
     # 如果已是课堂成员且是学生身份and不在指定的分班则移动到该分班
-    if member.present? && member.role == :STUDENT && course_group && member.course_group_id != course_group&.id
+    if member.present? && member.role == 'STUDENT' && course_group && member.course_group_id != course_group&.id
       member.update!(course_group_id: course_group&.id)
     elsif member.blank?
       course.course_members.create!(user_id: user.id, role: data.role.to_i, course_group_id: course_group&.id)

app/views/discusses/_discuss.json.jbuilder

@@ -2,7 +2,7 @@ json.author do
   json.partial! 'users/user', user: discuss.user
 end
 json.id discuss.id
-json.content discuss.content
+json.content content_safe(discuss.content)
 json.time time_from_now(discuss.created_at)
 json.position discuss.position
 json.shixun_id discuss.dis_id

app/views/memos/_memo.json.jbuilder

@@ -3,7 +3,7 @@ json.memo do
   json.forum_id memo.forum_id
   json.subject memo.subject
   json.is_md memo.is_md
-  json.content memo.content
+  json.content content_safe(memo.content)
   json.sticky memo.sticky
   json.reward memo.reward
   json.viewed_count memo.viewed_count

app/views/memos/_replies_list.json.jbuilder

@@ -1,5 +1,5 @@
 json.id memo.id
-json.content memo.content
+json.content content_safe(memo.content)
 json.time time_from_now(memo.created_at)
 json.user_id memo.author_id
 json.image_url url_to_avatar(memo.author)
@@ -15,7 +15,7 @@ json.admin @user.admin? || @user.business?
 json.children do
   json.array! memo.children_of_reply do |child|
     json.id child.id
-    json.content child.content
+    json.content content_safe(child.content)
     json.time time_from_now(child.created_at)
     json.image_url url_to_avatar(child.author)
     json.username child.author.full_name

app/views/messages/_content.json.jbuilder

@@ -1 +1 @@
-json.content content
+json.content content_safe(content)

app/views/messages/_message_detail.json.jbuilder

@@ -1,6 +1,6 @@
 json.partial! "messages/message_simple", message: message
 json.partial! "commons/like", message: message
-json.content message.message_detail.try(:content)
+json.content content_safe(message.message_detail.try(:content))
 json.author do
   json.partial! "users/user_simple", user: message.author
 end

config/routes.rb

@@ -854,6 +854,7 @@ Rails.application.routes.draw do
       resource :register, only: [:create]
       resource :code_session, only: [:create]
       resource :verify, only: [:create]
+      resource :check_account, only: [:create]
 
       resources :searchs, only: [:index]
     end

db/migrate/20190426010412_add_is_invalid_to_student_works_scores.rb

@@ -1,6 +1,6 @@
 class AddIsInvalidToStudentWorksScores < ActiveRecord::Migration[5.2]
   def change
-    # add_column :student_works_scores, :is_invalid, :boolean, default: false
+    add_column :student_works_scores, :is_invalid, :boolean, default: false
 
     StudentWorksScore.where("score is not null").order("id desc").find_each do |score|
       unless score.is_invalid