SECURITY: limit amount of links in custom sidebar section (#22543)

Custom sidebar section can have maximum of 50 links Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
2025-06-03 19:39:30 +08:00 · 2023-07-11 15:25:01 -06:00
parent eed7d86601
commit 52b003d915
4 changed files with 50 additions and 1 deletions
--- a/app/models/sidebar_section.rb
+++ b/app/models/sidebar_section.rb
@ -11,7 +11,9 @@ class SidebarSection < ActiveRecord::Base
           source: :linkable,
           source_type: "SidebarUrl"

-  accepts_nested_attributes_for :sidebar_urls, allow_destroy: true
+  accepts_nested_attributes_for :sidebar_urls,
+                                allow_destroy: true,
+                                limit: -> { SiteSetting.max_sidebar_section_links }

  before_save :set_system_user_for_public_section