mirror of
https://github.com/discourse/discourse.git
synced 2024-11-24 04:31:56 +08:00
Merge pull request #3393 from techAPJ/patch-2
FIX: validate integer site setting
This commit is contained in:
commit
802ed642f7
|
@ -305,6 +305,18 @@ module SiteSettingExtension
|
|||
refresh_settings.include?(name.to_sym)
|
||||
end
|
||||
|
||||
def is_valid_data?(name, value)
|
||||
valid = true
|
||||
type = get_data_type(name, defaults[name.to_sym])
|
||||
|
||||
if type == types[:fixnum]
|
||||
# validate fixnum
|
||||
valid = false unless value.to_i.is_a?(Fixnum)
|
||||
end
|
||||
|
||||
return valid
|
||||
end
|
||||
|
||||
def filter_value(name, value)
|
||||
# filter domain name
|
||||
if %w[disabled_image_download_domains onebox_domains_whitelist exclude_rel_nofollow_domains email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains].include? name
|
||||
|
@ -318,12 +330,12 @@ module SiteSettingExtension
|
|||
end
|
||||
|
||||
def set(name, value)
|
||||
if has_setting?(name)
|
||||
if has_setting?(name) && is_valid_data?(name, value)
|
||||
value = filter_value(name, value)
|
||||
self.send("#{name}=", value)
|
||||
Discourse.request_refresh! if requires_refresh?(name)
|
||||
else
|
||||
raise ArgumentError.new("No setting named #{name} exists")
|
||||
raise ArgumentError.new("Either no setting named '#{name}' exists or value provided is invalid")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -344,6 +344,16 @@ describe SiteSettingExtension do
|
|||
end
|
||||
end
|
||||
|
||||
describe "set for an invalid fixnum value" do
|
||||
it "raises an error" do
|
||||
settings.setting(:test_setting, 80)
|
||||
settings.refresh!
|
||||
expect {
|
||||
settings.set("test_setting", 9999999999999999999)
|
||||
}.to raise_error(ArgumentError)
|
||||
end
|
||||
end
|
||||
|
||||
describe "filter domain name" do
|
||||
before do
|
||||
settings.setting(:white_listed_spam_host_domains, "www.example.com")
|
||||
|
|
Loading…
Reference in New Issue
Block a user