github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-03 19:14:55 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Drop internal URL validation for paths in sidebar (#20891)

Browse Source 
`Rails.application.routes.recognize_path(value)` was not working for /admin paths because StaffConstraint.new requires user to check permission.

This validation is not bringing much value, and the easiest way is to drop it. In the worse case scenario, a user will have an incorrect link in their sidebar.

Bug reported: https://meta.discourse.org/t/custom-sidebar-sections-being-tested-on-meta/255303/66
This commit is contained in:
Krzysztof Kotlarek
2023-03-31 16:26:56 +11:00
committed by GitHub
parent ef1b781ced
commit c86d772277
2 changed files with 3 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/models/sidebar_url.rb
View File

@ -15,11 +15,8 @@ class SidebarUrl < ActiveRecord::Base
before_validation :remove_internal_hostname, :set_external
def path_validator
if external?
raise ActionController::RoutingError.new("Not Found") if value !~ Discourse::Utils::URI_REGEXP
else
Rails.application.routes.recognize_path(value)
end
return true if !external?
raise ActionController::RoutingError.new("Not Found") if value !~ Discourse::Utils::URI_REGEXP
rescue ActionController::RoutingError
errors.add(
:value,