SECURITY: Store custom field values according to their registered type

2025-01-18 10:52:45 +08:00 · 2023-11-30 17:17:01 -06:00 · 2023-11-30 17:17:01 -06:00 · 75c645453d
commit 75c645453d
parent 4494d62531
1 changed files with 20 additions and 6 deletions
--- a/app/models/concerns/has_custom_fields.rb
+++ b/app/models/concerns/has_custom_fields.rb
@ -33,14 +33,28 @@ module HasCustomFields
    end

    def serialize(value)
-      if value.is_a?(Hash) || type == :json || (array_type? && type[0] == :json)
+      base_type = Array === type ? type.first : type
+
+      case base_type
+      when :json
        value.to_json
-      elsif TrueClass === value
-        "t"
-      elsif FalseClass === value
-        "f"
+      when :integer
+        value.to_i.to_s
+      when :boolean
+        value = !!Helpers::CUSTOM_FIELD_TRUE.include?(value) if String === value
+
+        value ? "t" : "f"
      else
-        value.to_s
+        case value
+        when Hash
+          value.to_json
+        when TrueClass
+          "t"
+        when FalseClass
+          "f"
+        else
+          value.to_s
+        end
      end
    end