From f7e65ec61b167b0bd94b19d5e1d3634a8f2965a7 Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Sat, 17 Feb 2024 10:27:02 -0600
Subject: [PATCH] more strict integer checks
---
 app/browse.rb | 11 +++--------
 app/index.rb | 4 ++--
 app/site.rb | 8 +++-----
 app/surf.rb | 5 +++--
 app/webhooks.rb | 2 +-
 ext/NilClass.rb | 4 ++++
 ext/numeric.rb | 4 ++++
 ext/string.rb | 7 +++++++
 models/event.rb | 2 +-
 models/site.rb | 4 ++--
 10 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/app/browse.rb b/app/browse.rb
index e11f1c76..9c486b8b 100644
--- a/app/browse.rb
+++ b/app/browse.rb
@@ -1,13 +1,8 @@
 get '/browse/?' do
 @surfmode = false
- begin
- @page = params[:page].to_i
- rescue
- @page = 1
- end
-
- @page = 1 if @page == 0
+ @page = params[:page]
+ @page = 1 if @page.not_an_integer?
 params.delete 'tag' if params[:tag].nil? || params[:tag].strip.empty?
@@ -17,7 +12,7 @@ get '/browse/?' do
 ds = browse_sites_dataset
 end
- ds = ds.paginate @page, Site::BROWSE_PAGINATION_LENGTH
+ ds = ds.paginate @page.to_i, Site::BROWSE_PAGINATION_LENGTH
 @pagination_dataset = ds
 @sites = ds.all
diff --git a/app/index.rb b/app/index.rb
index 8faf3db2..ee27cf80 100644
--- a/app/index.rb
+++ b/app/index.rb
@@ -8,8 +8,8 @@ get '/?' do
 redirect '/dashboard' if current_site.is_education
- @page = params[:page].to_i
- @page = 1 if @page == 0
+ @page = params[:page]
+ @page = 1 if @page.not_an_integer?
 if params[:activity] == 'mine'
 events_dataset = current_site.latest_events(@page, 10)
diff --git a/app/site.rb b/app/site.rb
index c5f74bd7..16d9ebb9 100644
--- a/app/site.rb
+++ b/app/site.rb
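Review bot: In the first app/browse.rb hunk, `@page = 1 if @page.not_an_integer?` no longer maps `page=0` to 1 the way the removed `@page = 1 if @page == 0` did, and negative values such as `-2` were accepted before and still are. The later `ds.paginate @page.to_i, Site::BROWSE_PAGINATION_LENGTH` then receives a page below 1, which with Sequel's pagination extension presumably produces a negative offset and an error response instead of page 1 (worth confirming against the Sequel version in use). A lower bound restores the old behaviour: `@page = 1 if @page.not_an_integer? || @page.to_i < 1`. The same two-line pattern appears in the app/index.rb, app/site.rb and app/surf.rb hunks, and the `.to_i` calls added in models/event.rb and models/site.rb coerce without clamping. The route body continues outside the hunk.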
@@ -17,12 +17,10 @@ get '/site/:username/?' do |username|
 @title = site.title
 @page = params[:page]
- @page = @page.to_i
- @page = 1 if @page == 0
+ @page = 1 if @page.not_an_integer?
 if params[:event_id]
- not_found if params[:event_id].is_a?(Array)
- not_found unless params[:event_id].to_i > 0
+ not_found if params[:event_id].not_an_integer?
 event = Event.select(:id).where(id: params[:event_id]).first
 not_found if event.nil?
 events_dataset = Event.where(id: params[:event_id]).paginate(1, 1)
@@ -84,7 +82,7 @@ get '/site/:username/stats' do
 if @site.supporter?
 unless params[:days].to_s == 'sincethebigbang'
- if params[:days] && params[:days].to_i != 0
+ unless params[:days].not_an_integer?
 stats_dataset = stats_dataset.limit params[:days]
 else
 params[:days] = @default_stat_points
diff --git a/app/surf.rb b/app/surf.rb
index 809a9441..adead741 100644
--- a/app/surf.rb
+++ b/app/surf.rb
@@ -1,9 +1,10 @@
 get '/surf/?' do
 not_found # 404 for now
- @page = params[:page].to_i || 1
+ @page = params[:page]
+ @page = 1 if @page.not_an_integer?
 params.delete 'tag' if params[:tag].nil? || params[:tag].strip.empty?
 site_dataset = browse_sites_dataset
- site_dataset = site_dataset.paginate @page, 1
+ site_dataset = site_dataset.paginate @page.to_i, 1
 @page_count = site_dataset.page_count || 1
 @site = site_dataset.first
 redirect "/browse?#{Rack::Utils.build_query params}" if @site.nil?
diff --git a/app/webhooks.rb b/app/webhooks.rb
index 5d11c7f5..1aeb8f67 100644
--- a/app/webhooks.rb
+++ b/app/webhooks.rb
@@ -143,7 +143,7 @@ def stripe_get_site_from_event(event)
 site_where = {username: desc_split.first}
 end
- if desc_split.last.to_i == 0
+ if desc_split.last.not_an_integer?
 site_where = {username: desc_split.first}
 else
 site_where = {id: desc_split.last}
diff --git a/ext/NilClass.rb b/ext/NilClass.rb
index a225ef88..aa2c8adf 100644
--- a/ext/NilClass.rb
+++ b/ext/NilClass.rb
@@ -6,4 +6,8 @@ class NilClass
 def blank?
 true
 end
+
+ def not_an_integer?
+ true
+ end
 end
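Review bot: In the first app/site.rb hunk, removing `not_found if params[:event_id].is_a?(Array)` leaves non-scalar parameters unhandled, because this patch defines `not_an_integer?` only on NilClass, Numeric and String. A query string that Rack parses into an Array or Hash for `event_id` would then raise NoMethodError and surface as a 500, unless an extension outside this diff defines the method more broadly. Keeping a type guard avoids that, e.g. `not_found unless params[:event_id].is_a?(String) && !params[:event_id].not_an_integer?`. The same gap applies to the `params[:page]` checks in app/browse.rb, app/index.rb and app/surf.rb and to `params[:days]` in the `/site/:username/stats` hunk of this file. `Event.where(id: params[:event_id])` also still receives the raw string, so whatever the check lets through is parsed by the database rather than by Ruby.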
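Review bot: In the `/site/:username/stats` hunk of app/site.rb, `days=0` now reaches `stats_dataset.limit params[:days]`, whereas the removed condition `params[:days].to_i != 0` sent it to the `else` branch and the default; negative values pass both the old and the new check. Sequel is expected to reject a limit below 1, so these inputs would likely end in an error rather than the default window (worth confirming). The limit is also handed the unparsed string. Suggested: `if !params[:days].not_an_integer? && params[:days].to_i > 0` followed by `stats_dataset = stats_dataset.limit params[:days].to_i`, which also removes the `unless … else` double negative. The enclosing `if @site.supporter?` block starts and ends outside the hunk.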
diff --git a/ext/numeric.rb b/ext/numeric.rb
index f9377066..3f521b61 100644
--- a/ext/numeric.rb
+++ b/ext/numeric.rb
@@ -76,4 +76,8 @@ class Numeric
 def to_space_pretty
 to_bytes_pretty
 end
+
+ def not_an_integer?
+ !self.integer?
+ end
 end
diff --git a/ext/string.rb b/ext/string.rb
index f241939a..08a38283 100644
--- a/ext/string.rb
+++ b/ext/string.rb
@@ -16,4 +16,11 @@ class String
 return true if self == ''
 false
 end
+
+ def not_an_integer?
+ Integer(self)
+ false
+ rescue ArgumentError
+ true
+ end
 end
diff --git a/models/event.rb b/models/event.rb
index d7aee461..a6cd52bd 100644
--- a/models/event.rb
+++ b/models/event.rb
@@ -50,7 +50,7 @@ class Event < Sequel::Model
 def self.global_dataset(current_page=1, limit=DEFAULT_GLOBAL_LIMIT)
 news_feed_default_dataset.
- paginate(current_page, 100).
+ paginate(current_page.to_i, 100).
 exclude(is_nsfw: true).
 exclude(is_crashing: true).
 where{views > GLOBAL_VIEWS_MINIMUM}.
diff --git a/models/site.rb b/models/site.rb
index 71c2bc0d..2ff8d012 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -1350,7 +1350,7 @@ class Site < Sequel::Model
 site_id = self.id
 Event.news_feed_default_dataset.where{Sequel.|({site_id: site_id}, {actioning_site_id: site_id})}.
 order(:created_at.desc).
- paginate(current_page, limit)
+ paginate(current_page.to_i, limit.to_i)
 end
 def news_feed(current_page=1, limit=10)
@@ -1359,7 +1359,7 @@ class Site < Sequel::Model
 Event.news_feed_default_dataset.where{Sequel.|({site_id: search_ids}, {actioning_site_id: search_ids})}.
 order(:created_at.desc).
- paginate(current_page, limit)
+ paginate(current_page.to_i, limit.to_i)
 end
 def newest_follows
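Review bot: In the ext/string.rb hunk, `Integer(self)` is looser than the commit title suggests: Kernel#Integer accepts radix prefixes (`0x1f`, `0b101`, leading-zero octal), underscores, a sign and surrounding whitespace, so `not_an_integer?` returns false for all of those. The call sites then either use `.to_i`, which parses differently (`"0x1f".to_i` is 0, and `"010".to_i` is 10 while `Integer("010")` is 8), or pass the raw string on, as in `Event.where(id: params[:event_id])` and `site_where = {id: desc_split.last}`. A decimal-only test keeps the check and the later conversion in agreement, for example `!match?(/\A-?\d+\z/)` as the method body. The magnitude is still unbounded, so callers that build an offset from the value may want an upper limit as well. A one-line comment stating which forms count would help the next reader, e.g. `# true unless the string is a plain base-10 integer`.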