From c66942aa0aed416f426225aab6d13d1c2601febc Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 11:43:34 -0400
Subject: [PATCH 01/21] Add missing params to api/v2/search controller
---
 app/controllers/api/v2/search_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v2/search_controller.rb b/app/controllers/api/v2/search_controller.rb
index 3cfc6e7919c..6a952d76777 100644
--- a/app/controllers/api/v2/search_controller.rb
+++ b/app/controllers/api/v2/search_controller.rb
@@ -63,6 +63,6 @@ class Api::V2::SearchController < Api::BaseController
 end
 def search_params
- params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
+ params.permit(:q, :resolve, :type, :offset, :min_id, :max_id, :account_id, :following)
 end
 end
From 7e04f35373d62ba2e1fc6e8fe4deb4e402110296 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 11:45:43 -0400
Subject: [PATCH 02/21] Use `params_slice` in api/v1/admin/accounts controller
---
 app/controllers/api/v1/admin/account_actions_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/admin/account_actions_controller.rb b/app/controllers/api/v1/admin/account_actions_controller.rb
index 7249797a40b..3b26a9bcd88 100644
--- a/app/controllers/api/v1/admin/account_actions_controller.rb
+++ b/app/controllers/api/v1/admin/account_actions_controller.rb
@@ -26,7 +26,7 @@ class Api::V1::Admin::AccountActionsController < Api::BaseController
 end
 def resource_params
- params.permit(
+ params_slice(
 :type,
 :report_id,
 :warning_preset_id,
From db9f834f47bbed3c9960564407a1e243b5f6b9b4 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 11:47:08 -0400
Subject: [PATCH 03/21] Use `params_slice` in api/v2/filters/keywords controller
---
 app/controllers/api/v2/filters/keywords_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
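Review bot: `params_slice`, first used here in `resource_params` of account_actions_controller.rb (patch 02), is not defined in any hunk of this series, so its contract cannot be checked from the patch. These methods are the strong-parameters allowlist for admin and write endpoints, so the helper's definition should carry a comment saying that it returns a permitted `ActionController::Parameters` restricted to the given keys, and whether it accepts hash-style filters such as `role_ids: []` or only scalar keys. The same applies to the later `params_slice` calls in patches 03 to 07, 09, 10, 17, 18 and 21. The argument list of `params_slice(` continues below this hunk's last line.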
diff --git a/app/controllers/api/v2/filters/keywords_controller.rb b/app/controllers/api/v2/filters/keywords_controller.rb
index fe1a9919447..459fe69241c 100644
--- a/app/controllers/api/v2/filters/keywords_controller.rb
+++ b/app/controllers/api/v2/filters/keywords_controller.rb
@@ -45,6 +45,6 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
 end
 def resource_params
- params.permit(:keyword, :whole_word)
+ params_slice(:keyword, :whole_word)
 end
 end
From 3f4c231186d03a84cc94618d84d49eb4f4a3ccb1 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 11:47:39 -0400
Subject: [PATCH 04/21] Use `params_slice` in api/v2/filters/statuses controller
---
 app/controllers/api/v2/filters/statuses_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v2/filters/statuses_controller.rb b/app/controllers/api/v2/filters/statuses_controller.rb
index 2e95497a665..97e2e31866a 100644
--- a/app/controllers/api/v2/filters/statuses_controller.rb
+++ b/app/controllers/api/v2/filters/statuses_controller.rb
@@ -39,6 +39,6 @@ class Api::V2::Filters::StatusesController < Api::BaseController
 end
 def resource_params
- params.permit(:status_id)
+ params_slice(:status_id)
 end
 end
From a8ccfd227bd88c00a0adeba2562532b94cfa9bd2 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 11:52:52 -0400
Subject: [PATCH 05/21] Use `params_slice` in api/v1/admin/domain_blocks controller
---
 app/controllers/api/v1/admin/domain_blocks_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/admin/domain_blocks_controller.rb b/app/controllers/api/v1/admin/domain_blocks_controller.rb
index a20a4a9c7f8..ce5dc4bb66a 100644
--- a/app/controllers/api/v1/admin/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/domain_blocks_controller.rb
@@ -72,7 +72,7 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
 end
 def domain_block_params
- params.permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
+ params_slice(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
 end
 def next_path
From d9f7780598b31e0447b5e4960516e62505213a66 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:04:53 -0400
Subject: [PATCH 06/21] Use `params_slice` in api/v1/lists controller
---
 app/controllers/api/v1/lists_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/lists_controller.rb b/app/controllers/api/v1/lists_controller.rb
index 4bbbed26735..3e38a346b45 100644
--- a/app/controllers/api/v1/lists_controller.rb
+++ b/app/controllers/api/v1/lists_controller.rb
@@ -42,6 +42,6 @@ class Api::V1::ListsController < Api::BaseController
 end
 def list_params
- params.permit(:title, :replies_policy, :exclusive)
+ params_slice(:title, :replies_policy, :exclusive)
 end
 end
From e29478ae69923b8999d3f6567149c99928a3b7ee Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:05:50 -0400
Subject: [PATCH 07/21] Use `params_slice` in api/v1/admin/ip_blocks controller
---
 app/controllers/api/v1/admin/ip_blocks_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/admin/ip_blocks_controller.rb b/app/controllers/api/v1/admin/ip_blocks_controller.rb
index e132a3a87d6..b4ac6c71c26 100644
--- a/app/controllers/api/v1/admin/ip_blocks_controller.rb
+++ b/app/controllers/api/v1/admin/ip_blocks_controller.rb
@@ -56,7 +56,7 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
 end
 def resource_params
- params.permit(:ip, :severity, :comment, :expires_in)
+ params_slice(:ip, :severity, :comment, :expires_in)
 end
 def next_path
From 169e524f46dc977363d4588ca62d63d09a4803e6 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:11:34 -0400
Subject: [PATCH 08/21] Use params slice and uniq constant in admin::filter_helper
---
 app/helpers/admin/filter_helper.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/helpers/admin/filter_helper.rb b/app/helpers/admin/filter_helper.rb
index 140fc73ede4..32f0d995961 100644
--- a/app/helpers/admin/filter_helper.rb
+++ b/app/helpers/admin/filter_helper.rb
@@ -15,7 +15,7 @@ module Admin::FilterHelper
 AnnouncementFilter::KEYS,
 Admin::ActionLogFilter::KEYS,
 Admin::StatusFilter::KEYS,
- ].flatten.freeze
+ ].flatten.uniq.freeze
 def filter_link_to(text, link_to_params, link_class_params = link_to_params)
 new_url = filtered_url_for(link_to_params)
@@ -48,6 +48,6 @@ module Admin::FilterHelper
 end
 def controller_request_params
- params.permit(FILTERS)
+ params.slice(FILTERS).permit(FILTERS)
 end
 end
From 70661476223c96902b00aec96baa51ac595f2338 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:13:28 -0400
Subject: [PATCH 09/21] Use `params_slice` in api/v1/admin/accounts controller
---
 app/controllers/api/v1/admin/accounts_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb
index ff6f41e01da..6db9c058600 100644
--- a/app/controllers/api/v1/admin/accounts_controller.rb
+++ b/app/controllers/api/v1/admin/accounts_controller.rb
@@ -108,7 +108,7 @@ class Api::V1::Admin::AccountsController < Api::BaseController
 end
 def filter_params
- params.permit(*FILTER_PARAMS)
+ params_slice(*FILTER_PARAMS)
 end
 def translated_filter_params
From 41708456a1b20920fb809a65f56b110f4c5a43f3 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:15:40 -0400
Subject: [PATCH 10/21] Use `params_slice` in api/v2/admin/accounts controller
---
 app/controllers/api/v2/admin/accounts_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
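Review bot: In `controller_request_params` (patch 08, second hunk) `params.slice(FILTERS)` passes the whole array as one key; as far as I know `ActionController::Parameters#slice` takes a splatted key list and does not flatten it, so the slice would come back empty and every current filter would be lost. `permit` does flatten its arguments, which is why the old `params.permit(FILTERS)` worked. Splat the constant instead: `params.slice(*FILTERS).permit(*FILTERS)`. A helper spec asserting that one known filter key survives `controller_request_params` would catch this.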
diff --git a/app/controllers/api/v2/admin/accounts_controller.rb b/app/controllers/api/v2/admin/accounts_controller.rb
index 65cf0c4db44..a358e3f895b 100644
--- a/app/controllers/api/v2/admin/accounts_controller.rb
+++ b/app/controllers/api/v2/admin/accounts_controller.rb
@@ -12,6 +12,7 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController
 ip
 invited_by
 role_ids
+ role_ids: []
 ).freeze
 PAGINATION_PARAMS = (%i(limit) + FILTER_PARAMS).freeze
@@ -39,7 +40,7 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController
 end
 def filter_params
- params.permit(*FILTER_PARAMS, role_ids: [])
+ params_slice(*FILTER_PARAMS)
 end
 def pagination_params(core_params)
From 058a3d8467607317242067b37587e4ea7cfef10b Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:17:56 -0400
Subject: [PATCH 11/21] Use `params.slice` in api/v1/lists/accounts controller
---
 app/controllers/api/v1/lists/accounts_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/lists/accounts_controller.rb b/app/controllers/api/v1/lists/accounts_controller.rb
index b1c0e609d04..c246da47c51 100644
--- a/app/controllers/api/v1/lists/accounts_controller.rb
+++ b/app/controllers/api/v1/lists/accounts_controller.rb
@@ -52,7 +52,7 @@ class Api::V1::Lists::AccountsController < Api::BaseController
 end
 def resource_params
- params.permit(account_ids: [])
+ params.slice(:account_ids).permit(account_ids: [])
 end
 def next_path
From 519ec1c9da117fa08f2198c8e4f97615e57d92b6 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:40:23 -0400
Subject: [PATCH 12/21] Use `params.slice` in api/v1/notifications controller
---
 app/controllers/api/v1/notifications_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb
index 1d0aa10d2e7..bded1c60b55 100644
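Review bot: The added `role_ids: []` line in patch 10 appears to sit inside a bare-word symbol-array literal (its opening is above the hunk, `).freeze` closes it, and the file uses `%i(limit)` two lines later), where it does not build a hash filter but two extra symbols, `:"role_ids:"` and `:"[]"`. Because the second hunk also drops `role_ids: []` from `filter_params`, an array-valued `role_ids` would no longer be permitted and the role filter would be silently ignored, while `PAGINATION_PARAMS` picks up the two stray symbols. Remove the added line and keep the array filter in the method, for example `params.slice(*FILTER_PARAMS).permit(*FILTER_PARAMS, role_ids: [])`.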
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@@ -71,7 +71,9 @@ class Api::V1::NotificationsController < Api::BaseController
 end
 def browserable_params
- params.permit(:account_id, :include_filtered, types: [], exclude_types: [])
+ params
+ .slice(:account_id, :include_filtered, :types, :exclude_types)
+ .permit(:account_id, :include_filtered, types: [], exclude_types: [])
 end
 def pagination_params(core_params)
From 8a5595eb8d2e8dbd98b08d4911eab29a846f50e3 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:51:06 -0400
Subject: [PATCH 13/21] Use `params.slice` in api/v2/filters controller
---
 app/controllers/api/v2/filters_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/v2/filters_controller.rb b/app/controllers/api/v2/filters_controller.rb
index 09d4813f34b..653f63a8c3d 100644
--- a/app/controllers/api/v2/filters_controller.rb
+++ b/app/controllers/api/v2/filters_controller.rb
@@ -43,6 +43,8 @@ class Api::V2::FiltersController < Api::BaseController
 end
 def resource_params
- params.permit(:title, :expires_in, :filter_action, context: [], keywords_attributes: [:id, :keyword, :whole_word, :_destroy])
+ params
+ .slice(:title, :expires_in, :filter_action, :context, :keywords_attributes)
+ .permit(:title, :expires_in, :filter_action, context: [], keywords_attributes: [:id, :keyword, :whole_word, :_destroy])
 end
 end
From 6486f58ef4aa3c91df317c3ea06cda2438d9fcc0 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:52:17 -0400
Subject: [PATCH 14/21] Use `params.slice` in api/v1/filters controller
---
 app/controllers/api/v1/filters_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/filters_controller.rb b/app/controllers/api/v1/filters_controller.rb
index ed98acce30f..a9894935f07 100644
--- a/app/controllers/api/v1/filters_controller.rb
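Review bot: In `browserable_params` (patch 12) the allowlist is now written twice, once as `slice` keys and once as `permit` filters, and the two lists have to be kept in step by hand. A key added to `permit` but forgotten in `slice` is dropped before it is ever checked, with no error, and the same pairing recurs in patches 13, 14, 15, 16, 19 and 20. A short comment above each pair would make the coupling explicit, for example `# slice keys must mirror the permit list; keys missing from slice never reach permit`.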
+++ b/app/controllers/api/v1/filters_controller.rb
@@ -52,7 +52,9 @@ class Api::V1::FiltersController < Api::BaseController
 end
 def resource_params
- params.permit(:phrase, :expires_in, :irreversible, :whole_word, context: [])
+ params
+ .slice(:phrase, :expires_in, :irreversible, :whole_word, :context)
+ .permit(:phrase, :expires_in, :irreversible, :whole_word, context: [])
 end
 def filter_params
From 6b43a0890249b146411468d045d695c2bea34914 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:53:42 -0400
Subject: [PATCH 15/21] Use `params.slice` in api/v1/reports controller
---
 app/controllers/api/v1/reports_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb
index 72f358bb5bc..74bdadbf55c 100644
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@@ -23,6 +23,8 @@ class Api::V1::ReportsController < Api::BaseController
 end
 def report_params
- params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
+ params
+ .slice(:account_id, :comment, :category, :forward, :forward_to_domains, :status_ids, :rule_ids)
+ .permit(:account_id, :comment, :category, :forward, :rule_ids, forward_to_domains: [], status_ids: [], rule_ids: [])
 end
 end
From ade3a65676b746ede61a024c04df2d7702d454d0 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:57:07 -0400
Subject: [PATCH 16/21] Use `params.slice` in api/v1/apps controller
---
 app/controllers/api/v1/apps_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb
index 50feaf18547..12dbc9ffac7 100644
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
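Review bot: The new `permit` list in `report_params` (patch 15) adds a scalar `:rule_ids` next to `rule_ids: []`, which widens the accepted input beyond what the old call allowed and is not mentioned in the commit title. A request sending `rule_ids=5` would now pass a String through where callers previously received an array or nothing; how the value is consumed is outside this hunk, so either confirm the consumer handles a scalar or drop the extra entry: `.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])`.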
@@ -20,10 +20,12 @@ class Api::V1::AppsController < Api::BaseController
 end
 def app_scopes_or_default
- app_params[:scopes] || Doorkeeper.configuration.default_scopes
+ Array(app_params[:scopes]).first || Doorkeeper.configuration.default_scopes
 end
 def app_params
- params.permit(:client_name, :scopes, :website, :redirect_uris, redirect_uris: [])
+ params
+ .slice(:client_name, :scopes, :website, :redirect_uris, :redirect_uris)
+ .permit(:client_name, :scopes, :website, :redirect_uris, redirect_uris: [], scopes: [])
 end
 end
From e133d908f16493f4896b3f9dbbbc74f2d96a50d6 Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 12:59:06 -0400
Subject: [PATCH 17/21] Use `params_slice` in api/v1/admin/reports controller
---
 app/controllers/api/v1/admin/reports_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/admin/reports_controller.rb b/app/controllers/api/v1/admin/reports_controller.rb
index 9b5beeab67e..27a3fbd78c3 100644
--- a/app/controllers/api/v1/admin/reports_controller.rb
+++ b/app/controllers/api/v1/admin/reports_controller.rb
@@ -86,7 +86,7 @@ class Api::V1::Admin::ReportsController < Api::BaseController
 end
 def filter_params
- params.permit(*FILTER_PARAMS)
+ params_slice(*FILTER_PARAMS)
 end
 def next_path
From 8a705c479e19fa591ca36435c8c481a27cf2583a Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 13:00:44 -0400
Subject: [PATCH 18/21] Use `params_slice` in api/v1/media controller
---
 app/controllers/api/v1/media_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb
index 5ea26d55bd6..3ee300ecb7a 100644
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
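Review bot: `app_scopes_or_default` (patch 16) now takes `Array(app_params[:scopes]).first` while `app_params` newly permits `scopes: []`, so a client that sends several `scopes[]` values ends up with only the first one and gets no error. On an OAuth application-registration endpoint a silently rewritten scope is hard to diagnose; either keep rejecting the array form or combine the values, e.g. `Array(app_params[:scopes]).join(' ').presence || Doorkeeper.configuration.default_scopes`. The `slice` call also lists `:redirect_uris` twice, which is harmless but presumably a leftover.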
@@ -40,11 +40,11 @@ class Api::V1::MediaController < Api::BaseController
 end
 def media_attachment_params
- params.permit(:file, :thumbnail, :description, :focus)
+ params_slice(:file, :thumbnail, :description, :focus)
 end
 def updateable_media_attachment_params
- params.permit(:thumbnail, :description, :focus)
+ params_slice(:thumbnail, :description, :focus)
 end
 def file_type_error
From 50bcdf53714ad150fe8f704a24df1bb3b76e751a Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 13:02:00 -0400
Subject: [PATCH 19/21] Use `params.slice` in api/v1/admin/reports controller
---
 app/controllers/api/v1/admin/reports_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/admin/reports_controller.rb b/app/controllers/api/v1/admin/reports_controller.rb
index 27a3fbd78c3..b66550366f1 100644
--- a/app/controllers/api/v1/admin/reports_controller.rb
+++ b/app/controllers/api/v1/admin/reports_controller.rb
@@ -82,7 +82,9 @@ class Api::V1::Admin::ReportsController < Api::BaseController
 end
 def report_params
- params.permit(:category, rule_ids: [])
+ params
+ .slice(:category, :rule_ids)
+ .permit(:category, rule_ids: [])
 end
 def filter_params
From f9f558da7fc168d135b60bcfd010bcf35a53f97e Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 13:03:32 -0400
Subject: [PATCH 20/21] Use `params.slice` in api/v2_alpha/notifications controller
---
 app/controllers/api/v2_alpha/notifications_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/v2_alpha/notifications_controller.rb b/app/controllers/api/v2_alpha/notifications_controller.rb
index 83d40a0886f..ba7c05344d1 100644
--- a/app/controllers/api/v2_alpha/notifications_controller.rb
+++ b/app/controllers/api/v2_alpha/notifications_controller.rb
@@ -109,10 +109,15 @@ class Api::V2Alpha::NotificationsController < Api::BaseController
 end
 def browserable_params
- params.permit(:include_filtered, types: [], exclude_types: [])
+ params
+ .slice(:include_filtered, :types, :exclude_types)
+ .permit(:include_filtered, types: [], exclude_types: [])
 end
 def pagination_params(core_params)
- params.slice(:limit, :types, :exclude_types, :include_filtered).permit(:limit, :include_filtered, types: [], exclude_types: []).merge(core_params)
+ params
+ .slice(:limit, :types, :exclude_types, :include_filtered)
+ .permit(:limit, :include_filtered, types: [], exclude_types: [])
+ .merge(core_params)
 end
 end
From 9aa8e297583bde4bd23dd9fe58b8653ce9c5d39e Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Fri, 14 Jun 2024 13:16:05 -0400
Subject: [PATCH 21/21] Use `params_slice` in api/v1/statuses/reblogs controller
---
 app/controllers/api/v1/statuses/reblogs_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/statuses/reblogs_controller.rb b/app/controllers/api/v1/statuses/reblogs_controller.rb
index 971b054c548..c074068275b 100644
--- a/app/controllers/api/v1/statuses/reblogs_controller.rb
+++ b/app/controllers/api/v1/statuses/reblogs_controller.rb
@@ -50,6 +50,6 @@ class Api::V1::Statuses::ReblogsController < Api::V1::Statuses::BaseController
 end
 def reblog_params
- params.permit(:visibility)
+ params_slice(:visibility)
 end
 end