sanitize setting for number of visible reactions
This is kind of a hack, but the lack of validation for settings unfortunately makes it necessary.
This commit is contained in:
		
							parent
							
								
									e3f76a1cb0
								
							
						
					
					
						commit
						77491a8f22
					
				
					 2 changed files with 7 additions and 4 deletions
				
			
		|  | @ -160,7 +160,7 @@ class UserSettingsDecorator | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def visible_reactions_preference |   def visible_reactions_preference | ||||||
|     integer_cast_setting 'setting_visible_reactions' |     integer_cast_setting('setting_visible_reactions', 0) | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def always_send_emails_preference |   def always_send_emails_preference | ||||||
|  | @ -171,8 +171,11 @@ class UserSettingsDecorator | ||||||
|     ActiveModel::Type::Boolean.new.cast(settings[key]) |     ActiveModel::Type::Boolean.new.cast(settings[key]) | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def integer_cast_setting(key) |   def integer_cast_setting(key, min = nil, max = nil) | ||||||
|     ActiveModel::Type::Integer.new.cast(settings[key]) |     i = ActiveModel::Type::Integer.new.cast(settings[key]) | ||||||
|  |     return min if !min.nil? && i < min | ||||||
|  |     return max if !max.nil? && i > max | ||||||
|  |     i | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def coerced_settings(key) |   def coerced_settings(key) | ||||||
|  |  | ||||||
|  | @ -37,7 +37,7 @@ | ||||||
|     = f.input :setting_crop_images, as: :boolean, wrapper: :with_label |     = f.input :setting_crop_images, as: :boolean, wrapper: :with_label | ||||||
| 
 | 
 | ||||||
|   .fields-group.fields-row__column.fields-row__column-6 |   .fields-group.fields-row__column.fields-row__column-6 | ||||||
|     = f.input :setting_visible_reactions, wrapper: :with_label, input_html: { type: 'number', data: { default: '6' } }, hint: false |     = f.input :setting_visible_reactions, wrapper: :with_label, input_html: { type: 'number', min: '0', data: { default: '6' } }, hint: false | ||||||
| 
 | 
 | ||||||
|   %h4= t 'appearance.discovery' |   %h4= t 'appearance.discovery' | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue