github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 20:41:24 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Sanitize integer site settings in front- and back-end (#23816)

Browse Source 
Currently, if you set an integer site setting in the admin interface and include thousands separators, you will silently configure the wrong value.

This PR replaces TextField inputs for integer site settings with NumberField. It also cleans the numeric input of any non-digits in the backend in case any separators make it through.
This commit is contained in:
Ted Johansson
2023-10-06 19:21:01 +02:00
committed by GitHub
parent 484004fc5e
commit e113eff663
6 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
spec/requests/admin/site_settings_controller_spec.rb
View File

@ -269,6 +269,13 @@ RSpec.describe Admin::SiteSettingsController do
expect(SiteSetting.title).to eq("")
end
it "sanitizes integer values" do
put "/admin/site_settings/suggested_topics.json", params: { suggested_topics: "1,000" }
expect(response.status).to eq(200)
expect(SiteSetting.suggested_topics).to eq(1000)
end
context "with default user options" do
let!(:user1) { Fabricate(:user) }
let!(:user2) { Fabricate(:user) }