github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 20:31:15 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Sanitize integer site settings in front- and back-end (#23816)

Browse Source 
Currently, if you set an integer site setting in the admin interface and include thousands separators, you will silently configure the wrong value.

This PR replaces TextField inputs for integer site settings with NumberField. It also cleans the numeric input of any non-digits in the backend in case any separators make it through.
This commit is contained in:
Ted Johansson
2023-10-06 19:21:01 +02:00
committed by GitHub
parent 484004fc5e
commit e113eff663
6 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/admin/site_settings_controller.rb
View File

@ -31,7 +31,10 @@ class Admin::SiteSettingsController < Admin::AdminController
raise_access_hidden_setting(id)
if SiteSetting.type_supervisor.get_type(id) == :uploaded_image_list
case SiteSetting.type_supervisor.get_type(id)
when :integer
value = value.gsub(/\D/, "")
when :uploaded_image_list
value = Upload.get_from_urls(value.split("|")).to_a
end