FIX: disallow invalid top_menu and post_menu and share_links

In the past any text could be entered there causing big potential issues

lib/site_settings/type_supervisor.rb

@@ -6,7 +6,7 @@ module SiteSettings; end
 class SiteSettings::TypeSupervisor
   include SiteSettings::Validations
 
-  CONSUMED_OPTS = %i[enum choices type validator min max regex hidden regex_error].freeze
+  CONSUMED_OPTS = %i[enum choices type validator min max regex hidden regex_error allow_any].freeze
   VALIDATOR_OPTS = %i[min max regex hidden regex_error].freeze
 
   # For plugins, so they can tell if a feature is supported
@@ -61,6 +61,7 @@ class SiteSettings::TypeSupervisor
     @choices = {}
     @validators = {}
     @types = {}
+    @allow_any = {}
   end
 
   def load_setting(name_arg, opts = {})
@@ -83,6 +84,10 @@ class SiteSettings::TypeSupervisor
 
     if (type = opts[:type])
       @static_types[name] = type.to_sym
+
+      if type.to_sym == :list
+        @allow_any[name] = opts[:allow_any] == false ? false : true
+      end
     end
     @types[name] = get_data_type(name, @defaults_provider[name])
 
@@ -168,6 +173,16 @@ class SiteSettings::TypeSupervisor
       end
     end
 
+    if type == self.class.types[:list] || type == self.class.types[:string]
+      if @allow_any.key?(name) && !@allow_any[name]
+        split = val.to_s.split("|")
+        diff = (split - @choices[name])
+        if diff.length > 0
+          raise Discourse::InvalidParameters.new(I18n.t('errors.site_settings.invalid_choice', name: diff.join(','), count: diff.length))
+        end
+      end
+    end
+
     if (v = @validators[name])
       validator = v[:class].new(v[:opts])
       unless validator.valid_value?(val)