mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 10:20:58 -06:00
07f87ff7a8
### What is the problem? It is possible to pass an arbitrary value to the limit parameter in `TagsController#search`, and have it flow through `DiscourseTagging.filter_allowed_tags` where it will raise an error deep in the database driver. MiniSql ensures there's no injection happening, but that ultimately results in an invalid query. ### How does this fix it? This change checks more strictly that the parameter can be cleanly converted to an integer by replacing the loose `#to_i` conversion semantics with the stronger `Kernel#Integer` ones. **Example:** ```ruby "1; SELECT 1".to_i #=> 1 Integer("1; SELECT 1") #=> ArgumentError ``` As part of the change, I also went ahead to disallow a limit of "0", as that doesn't seem to be a useful option. Previously only negative limits were disallowed. |
||
---|---|---|
.. | ||
fabricators | ||
fixtures | ||
helpers | ||
import_export | ||
initializers | ||
integration | ||
integrity | ||
jobs | ||
lib | ||
mailers | ||
models | ||
multisite | ||
requests | ||
script/import_scripts | ||
serializers | ||
services | ||
support | ||
system | ||
tasks | ||
views | ||
rails_helper.rb | ||
regenerate_swagger_docs | ||
swagger_helper.rb |