SECURITY: Store custom field values according to their registered type
danielwaterworth authored and janzenisaac committed Jan 8, 2024
1 parent 4494d62 commit 75c6454
Showing 1 changed file with 20 additions and 6 deletions.
26 changes: 20 additions & 6 deletions app/models/concerns/has_custom_fields.rb
Expand Up @@ -33,14 +33,28 @@ def validate(obj, name, value)
end

def serialize(value)
if value.is_a?(Hash) || type == :json || (array_type? && type[0] == :json)
base_type = Array === type ? type.first : type

case base_type
when :json
value.to_json
elsif TrueClass === value
"t"
elsif FalseClass === value
"f"
when :integer
value.to_i.to_s
when :boolean
value = !!Helpers::CUSTOM_FIELD_TRUE.include?(value) if String === value

value ? "t" : "f"
else
value.to_s
case value
when Hash
value.to_json
when TrueClass
"t"
when FalseClass
"f"
else
value.to_s
end
end
end
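
Review bot: In the `when :integer` branch, `value.to_i.to_s` silently coerces anything non-numeric: `nil` and a string such as "abc" both serialize as "0", so a missing or malformed value becomes indistinguishable from a real zero. If `validate` (named in the hunk header, body not shown here) does not already reject those inputs, consider handling `nil` explicitly and parsing strictly, for example with `Integer(value, exception: false)`, and skipping the write when that returns `nil`. The `when :boolean` branch has a related edge: only a String is checked against `Helpers::CUSTOM_FIELD_TRUE`, so any other truthy object (the integer 0, for instance) is stored as "t". A short comment on `serialize` saying that the registered type, not the value's Ruby class, decides the stored form would also explain why the old `value.is_a?(Hash)` check now lives only in the fallback branch.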
