SECURITY: Ensure site setting being updated is a configurable site setting (#21131)

Ted Johansson
2023-04-18 14:32:18 +08:00
committed by GitHub
parent 180e3e11d1
commit 437b73e322
4 changed files with 21 additions and 3 deletions


@ -253,6 +253,19 @@ RSpec.describe Admin::SiteSettingsController do
expect(SiteSetting.search_tokenize_chinese).to eq(true)
end
it "throws an error when the parameter is not a configurable site setting" do
put "/admin/site_settings/clear_cache!.json",
params: {
clear_cache!: "",
update_existing_user: true,
}
expect(response.status).to eq(422)
expect(response.parsed_body["errors"]).to contain_exactly(
"No setting named 'clear_cache!' exists",
)
end
it "throws an error when trying to change a deprecated setting with override = false" do
SiteSetting.personal_message_enabled_groups = Group::AUTO_GROUPS[:trust_level_4]
put "/admin/site_settings/enable_personal_messages.json",