Commit 1cbc75b5 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Validate maximum attachment size in application settings

`max_attachment_size` in `ApplicationSetting` should be present,
only integers greater than zero are valid.

Closes #13188
parent ceb342c7
...@@ -92,6 +92,10 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -92,6 +92,10 @@ class ApplicationSetting < ActiveRecord::Base
presence: true, presence: true,
if: :akismet_enabled if: :akismet_enabled
validates :max_attachment_size,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates_each :restricted_visibility_levels do |record, attr, value| validates_each :restricted_visibility_levels do |record, attr, value|
unless value.nil? unless value.nil?
value.each do |level| value.each do |level|
......
...@@ -66,6 +66,14 @@ describe ApplicationSetting, models: true do ...@@ -66,6 +66,14 @@ describe ApplicationSetting, models: true do
it { is_expected.to allow_value(http).for(:after_sign_out_path) } it { is_expected.to allow_value(http).for(:after_sign_out_path) }
it { is_expected.to allow_value(https).for(:after_sign_out_path) } it { is_expected.to allow_value(https).for(:after_sign_out_path) }
it { is_expected.not_to allow_value(ftp).for(:after_sign_out_path) } it { is_expected.not_to allow_value(ftp).for(:after_sign_out_path) }
it { is_expected.to validate_presence_of(:max_attachment_size) }
it do
is_expected.to validate_numericality_of(:max_attachment_size)
.only_integer
.is_greater_than(0)
end
end end
context 'restricted signup domains' do context 'restricted signup domains' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment