Pagination Params Sanitization #178
Description
I see errors triggered via https://github.com/solidusio-contrib/solidus_multi_domain/blob/b17440935dd152f258dab65c3feaa62677bb6e04/app/decorators/controllers/solidus_multi_domain/taxons_controller_decorator.rb#L8C34-L8C40 because Solidus doesn't limit params strictly enough.
Repoduction example:
#…
params = ActionController::Parameters.new({
page: {
test: "lol"
}
})
@searcher = build_searcher(params.merge(taxon: @taxon.id))
#…This causes failure in https://github.com/solidusio/solidus/blob/12f00d6fccd13dce0135f4ab1e70a457f96fd300/core/lib/spree/core/search/base.rb#L98
@properties[:page] = (params[:page].to_i <= 0) ? 1 : params[:page].to_iwith the message:
undefined method 'to_i' for an instance of ActionController::Parameters (NoMethodError)
Did you mean? to_s
to_h