FIX: validate integer site setting

This commit is contained in:
Arpit Jalan 2015-04-23 18:10:12 +05:30
parent 56cd381ff8
commit 2ee033caa5
2 changed files with 24 additions and 2 deletions

View file

@ -305,6 +305,18 @@ module SiteSettingExtension
refresh_settings.include?(name.to_sym)
end
def is_valid_data?(name, value)
valid = true
type = get_data_type(name, defaults[name.to_sym])
if type == types[:fixnum]
# validate fixnum
valid = false unless value.to_i.is_a?(Fixnum)
end
return valid
end
def filter_value(name, value)
# filter domain name
if %w[disabled_image_download_domains onebox_domains_whitelist exclude_rel_nofollow_domains email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains].include? name
@ -318,12 +330,12 @@ module SiteSettingExtension
end
def set(name, value)
if has_setting?(name)
if has_setting?(name) && is_valid_data?(name, value)
value = filter_value(name, value)
self.send("#{name}=", value)
Discourse.request_refresh! if requires_refresh?(name)
else
raise ArgumentError.new("No setting named #{name} exists")
raise ArgumentError.new("Either no setting named '#{name}' exists or value provided is invalid")
end
end

View file

@ -344,6 +344,16 @@ describe SiteSettingExtension do
end
end
describe "set for an invalid fixnum value" do
it "raises an error" do
settings.setting(:test_setting, 80)
settings.refresh!
expect {
settings.set("test_setting", 9999999999999999999)
}.to raise_error(ArgumentError)
end
end
describe "filter domain name" do
before do
settings.setting(:white_listed_spam_host_domains, "www.example.com")