Merge pull request #3393 from techAPJ/patch-2

FIX: validate integer site setting
This commit is contained in:
Robin Ward 2015-04-23 10:17:35 -04:00
commit 802ed642f7
2 changed files with 24 additions and 2 deletions

View file

@ -305,6 +305,18 @@ module SiteSettingExtension
refresh_settings.include?(name.to_sym)
end
def is_valid_data?(name, value)
valid = true
type = get_data_type(name, defaults[name.to_sym])
if type == types[:fixnum]
# validate fixnum
valid = false unless value.to_i.is_a?(Fixnum)
end
return valid
end
def filter_value(name, value)
# filter domain name
if %w[disabled_image_download_domains onebox_domains_whitelist exclude_rel_nofollow_domains email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains].include? name
@ -318,12 +330,12 @@ module SiteSettingExtension
end
def set(name, value)
if has_setting?(name)
if has_setting?(name) && is_valid_data?(name, value)
value = filter_value(name, value)
self.send("#{name}=", value)
Discourse.request_refresh! if requires_refresh?(name)
else
raise ArgumentError.new("No setting named #{name} exists")
raise ArgumentError.new("Either no setting named '#{name}' exists or value provided is invalid")
end
end

View file

@ -344,6 +344,16 @@ describe SiteSettingExtension do
end
end
describe "set for an invalid fixnum value" do
it "raises an error" do
settings.setting(:test_setting, 80)
settings.refresh!
expect {
settings.set("test_setting", 9999999999999999999)
}.to raise_error(ArgumentError)
end
end
describe "filter domain name" do
before do
settings.setting(:white_listed_spam_host_domains, "www.example.com")