mirror of
https://github.com/discourse/discourse.git
synced 2024-12-02 04:33:40 +08:00
75e40baa64
* FIX: min/max username length limits weren't validated
The custom validators introduced in e0d7cda
made so we ignored the mix
and max values set on site_settings.yml. That change allowed admins to
set values outside of the range defined on the yaml file.
Related to https://meta.discourse.org/t/group-names-with-more-than-60-characters-broken/232115?u=falco
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
35 lines
1.0 KiB
Ruby
35 lines
1.0 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module SiteSettings; end
|
|
|
|
class SiteSettings::YamlLoader
|
|
def initialize(file)
|
|
@file = file
|
|
end
|
|
|
|
def load
|
|
yaml = YAML.load_file(@file)
|
|
yaml.each_key do |category|
|
|
yaml[category].each do |setting_name, hash|
|
|
if hash.is_a?(Hash)
|
|
# Get default value for the site setting:
|
|
value = hash.delete('default')
|
|
|
|
if value.nil?
|
|
raise StandardError, "The site setting `#{setting_name}` in '#{@file}' is missing default value."
|
|
end
|
|
|
|
if hash.values_at('min', 'max').any? && hash['validator'].present?
|
|
raise StandardError, "The site setting `#{setting_name}` in '#{@file}' will have it's min/max validation ignored because there is a validator also specified."
|
|
end
|
|
|
|
yield category, setting_name, value, hash.deep_symbolize_keys!
|
|
else
|
|
# Simplest case. site_setting_name: 'default value'
|
|
yield category, setting_name, hash, {}
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|