mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 09:42:07 +08:00
FIX: Do not allow negative values for LIMIT (#14122)
Negative values generated invalid SQL queries.
parent
f03f0866e7
commit
eb6d66fe6f
|
@ -1080,7 +1080,10 @@ class UsersController < ApplicationController
|
|||
|
||||
options[:include_staged_users] = !!ActiveModel::Type::Boolean.new.cast(params[:include_staged_users])
|
||||
options[:last_seen_users] = !!ActiveModel::Type::Boolean.new.cast(params[:last_seen_users])
|
||||
options[:limit] = params[:limit].to_i if params[:limit].present?
|
||||
if params[:limit].present?
|
||||
options[:limit] = params[:limit].to_i
|
||||
raise Discourse::InvalidParameters.new(:limit) if options[:limit] <= 0
|
||||
end
|
||||
options[:topic_id] = topic_id if topic_id
|
||||
options[:category_id] = category_id if category_id
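Review bot: The added guard `raise Discourse::InvalidParameters.new(:limit) if options[:limit] <= 0` bounds `limit` only from below, so an arbitrarily large client-supplied value is still stored in `options[:limit]`. Whether the code that consumes `options` clamps it is not visible in this hunk; if it does not, a single request can ask for an effectively unbounded result set. Consider checking both ends, e.g. `raise Discourse::InvalidParameters.new(:limit) unless options[:limit].between?(1, MAX_USER_SEARCH_LIMIT)`, where `MAX_USER_SEARCH_LIMIT` is a placeholder name for a cap the project would choose. Separately, `to_i` silently accepts input such as `"12abc"` as 12, so a strict parse would make the validation match what the client actually sent. The enclosing action starts and ends outside the hunk.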
|
||||
|
||||
|
|
|
@ -3938,6 +3938,13 @@ describe UsersController do
|
|||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
context 'limit' do
|
||||
it "returns an error if value is invalid" do
|
||||
get "/u/search/users.json", params: { limit: '-1' }
|
||||
expect(response.status).to eq(400)
|
||||
end
|
||||
end
|
||||
|
||||
context "when `enable_names` is true" do
|
||||
before do
|
||||
SiteSetting.enable_names = true
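Review bot: The new example in `context 'limit'` pins only `limit: '-1'`, while the controller check is `<= 0`, so the boundary value itself is untested. A second example with `get "/u/search/users.json", params: { limit: '0' }` followed by `expect(response.status).to eq(400)` would catch a later change of the comparison to `< 0`. A non-numeric value is also worth one example, since `to_i` maps it to 0 and it now returns 400 as well. The surrounding `describe` block starts and ends outside the hunk.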
|
||||
|
|