github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-22 05:55:36 +08:00
Code Issues Actions1 Packages Projects Releases Wiki Activity

FIX: Only allow intergers for page params.

Browse Source
This commit is contained in:
Guo Xiang Tan 2017-10-02 10:45:54 +08:00
parent 77ea063751
commit 4e07bbfbbf
2 changed files with 14 additions and 0 deletions
app/controllers
list_controller.rb
spec/requests
list_controller_spec.rb

2
app/controllers/list_controller.rb

@ -331,6 +331,8 @@ class ListController < ApplicationController
def build_topic_list_options def build_topic_list_options
options = {} options = {}
params[:page] = params[:page].to_i rescue 1
TopicQuery.public_valid_options.each do |key| TopicQuery.public_valid_options.each do |key|
options[key] = params[key] options[key] = params[key]
end end

12
spec/requests/list_controller_spec.rb

@ -3,6 +3,18 @@ require 'rails_helper'
RSpec.describe ListController do RSpec.describe ListController do
let(:topic) { Fabricate(:topic) } let(:topic) { Fabricate(:topic) }
describe '#index' do
it "doesn't throw an error with a negative page" do
get "/#{Discourse.anonymous_filters[1]}", params: { page: -1024 }
expect(response).to be_success
end
it "doesn't throw an error with page params as an array" do
get "/#{Discourse.anonymous_filters[1]}", params: { page: ['7'] }
expect(response).to be_success
end
end
describe 'titles for crawler layout' do describe 'titles for crawler layout' do
it 'has no title for the default URL' do it 'has no title for the default URL' do
topic topic