Validation of params should restrict to max int (#6331)

* FIX: Validation of params should restrict to max int * FIX: Send status 400 when "page" param isn't between 1 and max int
2025-05-29 00:20:54 +08:00 · 2018-09-03 06:45:32 +02:00
parent 747c9bb47f
commit f33433bf9e
3 changed files with 29 additions and 13 deletions
--- a/lib/topic_query.rb
+++ b/lib/topic_query.rb
@ -9,6 +9,7 @@ require_dependency 'topic_query_sql'
 require_dependency 'avatar_lookup'

 class TopicQuery
+  PG_MAX_INT ||= 2147483647

  def self.validators
    @validators ||= begin
@ -17,8 +18,12 @@ class TopicQuery
        Integer === x || (String === x && x.match?(/^-?[0-9]+$/))
      end

-      zero_or_more = lambda do |x|
-        int.call(x) && x.to_i >= 0
+      zero_up_to_max_int = lambda do |x|
+        int.call(x) && x.to_i.between?(0, PG_MAX_INT)
+      end
+
+      one_up_to_max_int = lambda do |x|
+        int.call(x) && x.to_i.between?(1, PG_MAX_INT)
      end

      array_int_or_int = lambda do |x|
@ -28,8 +33,9 @@ class TopicQuery
      end

      {
-        max_posts: zero_or_more,
-        min_posts: zero_or_more,
+        max_posts: zero_up_to_max_int,
+        min_posts: zero_up_to_max_int,
+        page: one_up_to_max_int,
        exclude_category_ids: array_int_or_int
      }
    end