FIX: Correctly sanitize negative integers in site settings (#24170)
As part of #23816, which sought to strip out thousand separators, we also accidentally strip out signs. This is making it impossible to disable some settings which require a -1 to disable. Instead of stripping non-digits, strip anything that isn't a sign or a digit.
This commit is contained in:
parent
974c508cc8
commit
84fdf40dd4
|
@ -33,7 +33,7 @@ class Admin::SiteSettingsController < Admin::AdminController
|
|||
|
||||
case SiteSetting.type_supervisor.get_type(id)
|
||||
when :integer
|
||||
value = value.gsub(/\D/, "")
|
||||
value = value.tr("^-0-9", "")
|
||||
when :uploaded_image_list
|
||||
value = Upload.get_from_urls(value.split("|")).to_a
|
||||
end
|
||||
|
|
|
@ -276,6 +276,16 @@ RSpec.describe Admin::SiteSettingsController do
|
|||
expect(SiteSetting.suggested_topics).to eq(1000)
|
||||
end
|
||||
|
||||
it "sanitizes negative integer values correctly" do
|
||||
put "/admin/site_settings/pending_users_reminder_delay_minutes.json",
|
||||
params: {
|
||||
pending_users_reminder_delay_minutes: "-1",
|
||||
}
|
||||
|
||||
expect(response.status).to eq(200)
|
||||
expect(SiteSetting.pending_users_reminder_delay_minutes).to eq(-1)
|
||||
end
|
||||
|
||||
context "with default user options" do
|
||||
let!(:user1) { Fabricate(:user) }
|
||||
let!(:user2) { Fabricate(:user) }
|
||||
|
|
Loading…
Reference in New Issue