sanitize setting for number of visible reactions
This is kind of a hack, but the lack of validation for settings unfortunately makes it necessary.
This commit is contained in:
		
							parent
							
								
									e3f76a1cb0
								
							
						
					
					
						commit
						77491a8f22
					
				
					 2 changed files with 7 additions and 4 deletions
				
			
		|  | @ -160,7 +160,7 @@ class UserSettingsDecorator | |||
|   end | ||||
| 
 | ||||
|   def visible_reactions_preference | ||||
|     integer_cast_setting 'setting_visible_reactions' | ||||
|     integer_cast_setting('setting_visible_reactions', 0) | ||||
|   end | ||||
| 
 | ||||
|   def always_send_emails_preference | ||||
|  | @ -171,8 +171,11 @@ class UserSettingsDecorator | |||
|     ActiveModel::Type::Boolean.new.cast(settings[key]) | ||||
|   end | ||||
| 
 | ||||
|   def integer_cast_setting(key) | ||||
|     ActiveModel::Type::Integer.new.cast(settings[key]) | ||||
|   def integer_cast_setting(key, min = nil, max = nil) | ||||
|     i = ActiveModel::Type::Integer.new.cast(settings[key]) | ||||
|     return min if !min.nil? && i < min | ||||
|     return max if !max.nil? && i > max | ||||
|     i | ||||
|   end | ||||
| 
 | ||||
|   def coerced_settings(key) | ||||
|  |  | |||
|  | @ -37,7 +37,7 @@ | |||
|     = f.input :setting_crop_images, as: :boolean, wrapper: :with_label | ||||
| 
 | ||||
|   .fields-group.fields-row__column.fields-row__column-6 | ||||
|     = f.input :setting_visible_reactions, wrapper: :with_label, input_html: { type: 'number', data: { default: '6' } }, hint: false | ||||
|     = f.input :setting_visible_reactions, wrapper: :with_label, input_html: { type: 'number', min: '0', data: { default: '6' } }, hint: false | ||||
| 
 | ||||
|   %h4= t 'appearance.discovery' | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
		Reference in a new issue