From 1cbc75b53cac7a494d673ee73be126aec131b296 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon
Date: Fri, 5 Feb 2016 10:12:36 +0100
Subject: [PATCH 1/2] Validate maximum attachment size in application settings
`max_attachment_size` in `ApplicationSetting` should be present, only integers greater than zero are valid.
Closes #13188
---
 app/models/application_setting.rb | 4 ++++
 spec/models/application_setting_spec.rb | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 9cafc78f761..5e1cf7749fa 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -92,6 +92,10 @@ class ApplicationSetting < ActiveRecord::Base
 presence: true,
 if: :akismet_enabled
 
+ validates :max_attachment_size,
+ presence: true,
+ numericality: { only_integer: true, greater_than: 0 }
+
 validates_each :restricted_visibility_levels do |record, attr, value|
 unless value.nil?
 value.each do |level|
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index f4c58882757..161a32c51e6 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -66,6 +66,14 @@ describe ApplicationSetting, models: true do
 it { is_expected.to allow_value(http).for(:after_sign_out_path) }
 it { is_expected.to allow_value(https).for(:after_sign_out_path) }
 it { is_expected.not_to allow_value(ftp).for(:after_sign_out_path) }
+
+ it { is_expected.to validate_presence_of(:max_attachment_size) }
+
+ it do
+ is_expected.to validate_numericality_of(:max_attachment_size)
+ .only_integer
+ .is_greater_than(0)
+ end
 end
 
 context 'restricted signup domains' do
From dd3b9feafa958742d2772078309ede027720d4c0 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon
Date: Fri, 5 Feb 2016 10:24:14 +0100
Subject: [PATCH 2/2] Add Changelog entry for new maximum attachment size validator
---
 CHANGELOG | 1 +
 1 file changed, 1 insertion(+)
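Review bot: In app/models/application_setting.rb the new `validates :max_attachment_size` rule sets a floor but no ceiling, so any positive integer passes for what appears to be the upload-size cap; if the storage column or the upload path has a practical maximum, bound it with `numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: MAX }`, where MAX is a placeholder the page does not supply. `presence: true` is also redundant, since `numericality` without `allow_nil` already rejects nil, so a blank submission will now report two errors for the same field. Settings rows stored before this change with a nil or non-positive value would fail validation on their next save, which may call for a data migration; that cannot be confirmed from this hunk. The class body starts and ends outside the hunk.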
diff --git a/CHANGELOG b/CHANGELOG
index 9245895bf0c..1db293fa3e8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -40,6 +40,7 @@ v 8.5.0 (unreleased)
 - In seach autocomplete show only groups and projects you are member of
 - Fix: init.d script not working on OS X
 - Faster snippet search
+ - Validate correctness of maximum attachment size application setting
 
 v 8.4.4
 - Update omniauth-saml gem to 1.4.2