From 1cbc75b53cac7a494d673ee73be126aec131b296 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzesiek.bizon@gmail.com>
Date: Fri, 5 Feb 2016 10:12:36 +0100
Subject: [PATCH] Validate maximum attachment size in application settings

`max_attachment_size` in `ApplicationSetting` should be present,
only integers greater than zero are valid.

Closes #13188
---
 app/models/application_setting.rb       | 4 ++++
 spec/models/application_setting_spec.rb | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 9cafc78f761..5e1cf7749fa 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -92,6 +92,10 @@ class ApplicationSetting < ActiveRecord::Base
             presence: true,
             if: :akismet_enabled
 
+  validates :max_attachment_size,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
   validates_each :restricted_visibility_levels do |record, attr, value|
     unless value.nil?
       value.each do |level|
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index f4c58882757..161a32c51e6 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -66,6 +66,14 @@ describe ApplicationSetting, models: true do
     it { is_expected.to allow_value(http).for(:after_sign_out_path) }
     it { is_expected.to allow_value(https).for(:after_sign_out_path) }
     it { is_expected.not_to allow_value(ftp).for(:after_sign_out_path) }
+
+    it { is_expected.to validate_presence_of(:max_attachment_size) }
+
+    it do
+      is_expected.to validate_numericality_of(:max_attachment_size)
+        .only_integer
+        .is_greater_than(0)
+    end
   end
 
   context 'restricted signup domains' do