fix: #7941, validate some input fields

src/meta/configs.js

@@ -12,12 +12,12 @@ const Meta = require('../meta');
 const cacheBuster = require('./cacheBuster');
 const defaults = require('../../install/data/defaults');
 
-var Configs = module.exports;
+const Configs = module.exports;
 
 Meta.config = {};
 
 function deserialize(config) {
-	var deserialized = {};
+	const deserialized = {};
 	Object.keys(config).forEach(function (key) {
 		const defaultType = typeof defaults[key];
 		const type = typeof config[key];
@@ -109,14 +109,31 @@ Configs.remove = async function (field) {
 };
 
 async function processConfig(data) {
+	ensurePositiveInteger(data, 'maximumUsernameLength');
+	ensurePositiveInteger(data, 'minimumUsernameLength');
+	ensurePositiveInteger(data, 'minimumPasswordLength');
+	ensurePositiveInteger(data, 'maximumAboutMeLength');
+	if (data.minimumUsernameLength > data.maximumUsernameLength) {
+		throw new Error('[[error:invalid-data]]');
+	}
+
 	await Promise.all([
 		saveRenderedCss(data),
 		getLogoSize(data),
 	]);
 }
 
+function ensurePositiveInteger(data, field) {
+	if (data.hasOwnProperty(field)) {
+		data[field] = parseInt(data[field], 10);
+		if (!(data[field] > 0)) {
+			throw new Error('[[error:invalid-data]]');
+		}
+	}
+}
+
 function lessRender(string, callback) {
-	var less = require('less');
+	const less = require('less');
 	less.render(string, {
 		compress: true,
 		javascriptEnabled: true,
@@ -135,7 +152,7 @@ async function saveRenderedCss(data) {
 }
 
 async function getLogoSize(data) {
-	var image = require('../image');
+	const image = require('../image');
 	if (!data['brand:logo']) {
 		return;
 	}

src/socket.io/admin.js

@@ -164,7 +164,7 @@ SocketAdmin.config.setMultiple = async function (socket, data) {
 		throw new Error('[[error:invalid-data]]');
 	}
 
-	var changes = {};
+	const changes = {};
 	data = meta.configs.deserialize(data);
 	Object.keys(data).forEach(function (key) {
 		if (data[key] !== meta.config[key]) {
@@ -173,10 +173,9 @@ SocketAdmin.config.setMultiple = async function (socket, data) {
 		}
 	});
 	await meta.configs.setMultiple(data);
-	var setting;
+	for (const field in data) {
-	for (var field in data) {
 		if (data.hasOwnProperty(field)) {
-			setting = {
+			const setting = {
 				key: field,
 				value: data[field],
 			};
@@ -216,7 +215,7 @@ SocketAdmin.settings.clearSitemapCache = function (socket, data, callback) {
 };
 
 SocketAdmin.email.test = function (socket, data, callback) {
-	var payload = {
+	const payload = {
 		subject: '[[email:test-email.subject]]',
 	};
 
@@ -338,7 +337,7 @@ SocketAdmin.deleteAllEvents = function (socket, data, callback) {
 
 SocketAdmin.getSearchDict = async function (socket) {
 	const settings = await user.getSettings(socket.uid);
-	var lang = settings.userLang || meta.config.defaultLang || 'en-GB';
+	const lang = settings.userLang || meta.config.defaultLang || 'en-GB';
 	return await getAdminSearchDict(lang);
 };