github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-31 21:25:24 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: limit amount of links in custom sidebar section (#22543)

Browse Source 
Custom sidebar section can have maximum of 50 links

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
This commit is contained in:
Blake Erickson
2023-07-11 15:25:01 -06:00
committed by GitHub
parent eed7d86601
commit 52b003d915
4 changed files with 50 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/sidebar_sections_controller.rb
View File

@ -29,6 +29,8 @@ class SidebarSectionsController < ApplicationController
render_serialized(sidebar_section, SidebarSectionSerializer)
rescue ActiveRecord::RecordInvalid => e
render_json_error(e.record.errors.full_messages.first)
rescue ActiveRecord::NestedAttributes::TooManyRecords => e
render_json_error(e.message)
end
def update
@ -62,6 +64,8 @@ class SidebarSectionsController < ApplicationController
render_serialized(sidebar_section.reload, SidebarSectionSerializer)
rescue ActiveRecord::RecordInvalid => e
render_json_error(e.record.errors.full_messages.first)
rescue ActiveRecord::NestedAttributes::TooManyRecords => e
render_json_error(e.message)
rescue Discourse::InvalidAccess
render json: failed_json, status: 403
end