sanitize setting for number of visible reactions

This is kind of a hack, but the lack of
validation for settings unfortunately makes it
necessary.
fef 2022-12-02 09:37:56 +00:00
parent 5de3784c9b
commit 90a4c158f7
No known key found for this signature in database
GPG key ID: EC22E476DC2D3D84
2 changed files with 7 additions and 4 deletions


@ -160,7 +160,7 @@ class UserSettingsDecorator
end
def visible_reactions_preference
integer_cast_setting 'setting_visible_reactions'
integer_cast_setting('setting_visible_reactions', 0)
end
def always_send_emails_preference
@ -171,8 +171,11 @@ class UserSettingsDecorator
ActiveModel::Type::Boolean.new.cast(settings[key])
end
def integer_cast_setting(key)
ActiveModel::Type::Integer.new.cast(settings[key])
def integer_cast_setting(key, min = nil, max = nil)
i = ActiveModel::Type::Integer.new.cast(settings[key])
return min if !min.nil? && i < min
return max if !max.nil? && i > max
i
end
def coerced_settings(key)
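Review bot: The clamp in `integer_cast_setting` compares `i` with `min` and `max` without a nil check, but `ActiveModel::Type::Integer#cast` returns nil for a nil or blank value. A missing or empty `setting_visible_reactions` would therefore raise NoMethodError at `i < min` instead of being sanitized. Adding `return min if i.nil?` ahead of the two range checks keeps the method total, and it still returns nil when no minimum is given, as before. The caller in `visible_reactions_preference` passes only a lower bound of 0, so a client can still submit an arbitrarily large count; if the UI has a practical ceiling, pass it as `max`. A one-line comment such as `# Clamps the cast value into [min, max]; out-of-range input is adjusted, not rejected.` would document that this stands in for the settings validation the commit message says is missing.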


@ -37,7 +37,7 @@
= f.input :setting_crop_images, as: :boolean, wrapper: :with_label
.fields-group.fields-row__column.fields-row__column-6
= f.input :setting_visible_reactions, wrapper: :with_label, input_html: { type: 'number', data: { default: '6' } }, hint: false
= f.input :setting_visible_reactions, wrapper: :with_label, input_html: { type: 'number', min: '0', data: { default: '6' } }, hint: false
%h4= t 'appearance.discovery'