From d09d77c0cd8c2e0a1214df81251c21fb74e92264 Mon Sep 17 00:00:00 2001
From: "byte[]"
Date: Sun, 5 Apr 2020 11:56:53 -0400
Subject: [PATCH] more careful checking of parameter values, fixes #75
---
 lib/philomena_web/controllers/commission_controller.ex | 7 +++++++
 .../controllers/duplicate_report_controller.ex | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/philomena_web/controllers/commission_controller.ex b/lib/philomena_web/controllers/commission_controller.ex
index 0268de91..4f992923 100644
--- a/lib/philomena_web/controllers/commission_controller.ex
+++ b/lib/philomena_web/controllers/commission_controller.ex
@@ -12,6 +12,10 @@ defmodule PhilomenaWeb.CommissionController do
 commission_search(params["commission"])
 |> Repo.paginate(conn.assigns.scrivener)
+ # Scrub parameters to avoid form error...
+ params = Map.put(conn.params, "commission", permit_map(conn.params["commission"]))
+ conn = Map.put(conn, :params, params)
+
 render(conn, "index.html",
 title: "Commissions",
 commissions: commissions,
@@ -78,6 +82,9 @@ defmodule PhilomenaWeb.CommissionController do
 defp presence([]), do: nil
+ defp permit_map(x) when is_map(x), do: x
+ defp permit_map(_), do: nil
+
 defp presence(string) when is_binary(string),
 do: if(String.trim(string) == "", do: nil, else: string)
diff --git a/lib/philomena_web/controllers/duplicate_report_controller.ex b/lib/philomena_web/controllers/duplicate_report_controller.ex
index af68fbd2..59e3072d 100644
--- a/lib/philomena_web/controllers/duplicate_report_controller.ex
+++ b/lib/philomena_web/controllers/duplicate_report_controller.ex
@@ -19,7 +19,7 @@ defmodule PhilomenaWeb.DuplicateReportController do
 def index(conn, params) do
 states =
- (params["states"] || ~W(open claimed))
+ (presence(params["states"]) || ~W(open claimed))
 |> wrap()
 |> Enum.filter(&Enum.member?(@valid_states, &1))
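Review bot: In the first hunk of `commission_controller.ex`, the scrub is added after `commission_search(params["commission"])` has already run, so the search still receives the raw value and only the `conn.params` copy passed to `render` is sanitised. If `commission_search` (defined outside this hunk) has no clause for non-map input, a malformed `commission` parameter would presumably still fail before the new lines execute. Validating once and using the result in both places would close that gap, e.g. `commission_search(permit_map(params["commission"]))`. As a style point, `%{conn | params: params}` is the more conventional struct update than `Map.put(conn, :params, params)`, because it raises on a mistyped key instead of silently adding one.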
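Review bot: In the second hunk of `commission_controller.ex`, the two `permit_map/1` clauses are inserted between `defp presence([])` and `defp presence(string)`, which splits the clauses of `presence/1`. The Elixir compiler warns when clauses of the same name and arity are not grouped together, and a build run with `--warnings-as-errors` would fail on it. Moving the new clauses below the last `presence/1` clause fixes this; the rest of that function lies outside the hunk. A comment such as `# Returns the value only when it is a map; anything else becomes nil so the form helpers never see a string or list.` would record the intent, and it is worth noting there that a map is passed through with its nested values unchecked.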
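Review bot: In `DuplicateReportController.index`, the default `~W(open claimed)` is chosen before validation, and the new `presence/1` (defined in the last hunk of this file) treats only the exact string `""` as absent. A list of empty strings or an unknown state name passes through `wrap()` and is then removed by the `Enum.filter`, leaving `states` as `[]` rather than the default. How the query below treats an empty list is outside the hunk and worth confirming. Applying the fallback after the filter would cover every rejected input, for example `states = if states == [], do: ~W(open claimed), else: states`. The helper also shares its name with `CommissionController`'s `presence/1`, which trims strings and maps `[]` to `nil`, so the two behave differently under one name; a comment or a shared helper would avoid confusion.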
@@ -72,4 +72,6 @@ defmodule PhilomenaWeb.DuplicateReportController do
 defp wrap(list) when is_list(list), do: list
 defp wrap(not_a_list), do: [not_a_list]
+ defp presence(""), do: nil
+ defp presence(x), do: x
 end