SECURITY: Store custom field values according to their registered type

2025-02-25 18:55:32 -06:00 · 2023-11-30 17:17:01 -06:00
parent 4494d62531
commit 75c645453d
1 changed files with 20 additions and 6 deletions
--- a/app/models/concerns/has_custom_fields.rb
+++ b/app/models/concerns/has_custom_fields.rb
@@ -33,16 +33,30 @@ module HasCustomFields
    end

    def serialize(value)
-      if value.is_a?(Hash) || type == :json || (array_type? && type[0] == :json)
+      base_type = Array === type ? type.first : type
+
+      case base_type
+      when :json
        value.to_json
-      elsif TrueClass === value
+      when :integer
+        value.to_i.to_s
+      when :boolean
+        value = !!Helpers::CUSTOM_FIELD_TRUE.include?(value) if String === value
+
+        value ? "t" : "f"
+      else
+        case value
+        when Hash
+          value.to_json
+        when TrueClass
          "t"
-      elsif FalseClass === value
+        when FalseClass
          "f"
        else
          value.to_s
        end
      end
+    end

    def deserialize(key, value, return_array)
      return value unless type = self.type