From 280b28742d650a5825cfb8ffca92967a1a615bfd Mon Sep 17 00:00:00 2001
From: Zachary Chai <zachary.chai@outlook.com>
Date: Sun, 26 Mar 2017 15:06:10 -0400
Subject: [PATCH] restrict some characters in meeting name

---
 app/controllers/landing_controller.rb | 6 ++++--
 config/locales/en-us.yml              | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/landing_controller.rb b/app/controllers/landing_controller.rb
index 598f9155..b88f5b9e 100644
--- a/app/controllers/landing_controller.rb
+++ b/app/controllers/landing_controller.rb
@@ -22,13 +22,15 @@ class LandingController < ApplicationController
 
   def resource
     if params[:id].size > meeting_name_limit
-      redirect_to action: :index
+      redirect_to root_url, flash: {danger: t('meeting_name_long')}
+    elsif ['&', '$', ','].any? { |c| params[:id].include?(c) } # temporary fix for misbehaving characters
+      redirect_to root_url, flash: {danger: t('disallowed_characters_msg')}
     elsif params[:resource] == 'meetings' && !params[:room_id]
       render_meeting
     elsif params[:resource] == 'rooms'
       render_room
     else
-      redirect_to root_url, flash: {danger: "An error occured"}
+      redirect_to root_url, flash: {danger: t('error')}
     end
   end
 
diff --git a/config/locales/en-us.yml b/config/locales/en-us.yml
index a4097b5d..db5aead7 100644
--- a/config/locales/en-us.yml
+++ b/config/locales/en-us.yml
@@ -67,10 +67,12 @@ en-US:
   copy_error: Use Ctrl-c to copy
   create_your_session: Create your own meeting
   date_recorded: Date
+  disallowed_characters_msg: Characters not allowed in meeting name $&,
   duration: Length (minutes)
   end: End
   enter_name: Enter your name
   enter_meeting_name: Enter a meeting name to start
+  error: An error occured
   error_title: An error has occured
   footer_html: Powered by %{bbb_link}
   help: Help
@@ -100,6 +102,7 @@ en-US:
       body: "You have been invited by %{user} to a meeting.\n\nPlease open the following page in your web browser: &&URL&&"
       subject: "%{user} invited you to a meeting"
   moderator_default_message: Invitation link - %{url}
+  meeting_name_long: Meeting name too long
   my_room: my room
   name: Name
   'no': 'No'