FIX: add a basic validator for topic params

This cuts down on log noise when people try out sql injection
2025-02-25 18:55:32 -06:00 · 2018-08-14 17:01:04 +10:00
parent 402e570c77
commit ad5f502332
3 changed files with 45 additions and 1 deletions
--- a/lib/topic_query.rb
+++ b/lib/topic_query.rb
@@ -10,6 +10,34 @@ require_dependency 'avatar_lookup'

 class TopicQuery

+  def self.validators
+    @validators ||= begin
+
+      zero_or_more = lambda do |x|
+        Integer === x && x >= 0
+      end
+
+      array_zero_or_more = lambda do |x|
+        Array === x && x.length > 0 && x.all? { |i| Integer === i && i >= 0 }
+      end
+
+      {
+        max_posts: zero_or_more,
+        exclude_category_ids: array_zero_or_more,
+        min_posts: zero_or_more,
+      }
+    end
+  end
+
+  def self.validate?(option, value)
+
+    if fn = validators[option.to_sym]
+      fn.call(value)
+    else
+      true
+    end
+  end
+
  def self.public_valid_options
    @public_valid_options ||=
      %i(page