FIX: min/max username length limits weren't validated (#17382)

* FIX: min/max username length limits weren't validated The custom validators introduced in e0d7cda made so we ignored the mix and max values set on site_settings.yml. That change allowed admins to set values outside of the range defined on the yaml file. Related to https://meta.discourse.org/t/group-names-with-more-than-60-characters-broken/232115?u=falco Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2025-06-03 19:39:30 +08:00 · 2022-07-08 12:00:47 -03:00
parent 4c1b8e736d
commit 75e40baa64
6 changed files with 61 additions and 8 deletions
--- a/lib/site_settings/yaml_loader.rb
+++ b/lib/site_settings/yaml_loader.rb
@ -19,6 +19,10 @@ class SiteSettings::YamlLoader
            raise StandardError, "The site setting `#{setting_name}` in '#{@file}' is missing default value."
          end

+          if hash.values_at('min', 'max').any? && hash['validator'].present?
+            raise StandardError, "The site setting `#{setting_name}` in '#{@file}' will have it's min/max validation ignored because there is a validator also specified."
+          end
+
          yield category, setting_name, value, hash.deep_symbolize_keys!
        else
          # Simplest case. site_setting_name: 'default value'