FEATURE: Validate tags in WatchedWords (#17254)

* FEATURE: Validate tags in WatchedWords We didn't validate watched words automatic tagging, so it was possible for an admin to created watched words with an empty tag list which would result in an exception when users tried to create a new topic that matched the misconfigured watched word. Bug report: https://meta.discourse.org/t/lib-topic-creator-fails-when-the-word-math-appears-in-the-topic-title-or-text/231018?u=falco
2025-06-01 02:24:59 +08:00 · 2022-06-27 16:16:33 -03:00
parent 64adf3cba3
commit f56c44d1c7
5 changed files with 29 additions and 3 deletions
--- a/app/models/watched_word.rb
+++ b/app/models/watched_word.rb
@ -28,6 +28,7 @@ class WatchedWord < ActiveRecord::Base
  validates :action, presence: true

  validate :replacement_is_url, if: -> { action == WatchedWord.actions[:link] }
+  validate :replacement_is_tag_list, if: -> { action == WatchedWord.actions[:tag] }

  validates_each :word do |record, attr, val|
    if WatchedWord.where(action: record.action).count >= MAX_WORDS_PER_ACTION
@ -50,6 +51,14 @@ class WatchedWord < ActiveRecord::Base
    end
  end

+  def replacement_is_tag_list
+    tag_list = replacement&.split(',')
+    tags = Tag.where(name: tag_list)
+    if (tag_list.blank? || tags.empty? || tag_list.size != tags.size)
+      errors.add(:base, :invalid_tag_list)
+    end
+  end
+
  def self.create_or_update_word(params)
    new_word = normalize_word(params[:word])
    w = WatchedWord.where("word ILIKE ?", new_word).first || WatchedWord.new(word: new_word)