FIX: Negative limit values shouldn't cause error 500 (#10162)

FIX: Negative limit values shouldn’t cause error 500 (#10162)

diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 16b697b..1e86d10 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -214,6 +214,10 @@ class TagsController < ::ApplicationController
       exclude_has_synonyms: params[:excludeHasSynonyms]
     }
 
+    if filter_params[:limit] && filter_params[:limit].to_i < 0
+      raise Discourse::InvalidParameters.new(:limit)
+    end
+
     if params[:categoryId]
       filter_params[:category] = Category.find_by_id(params[:categoryId])
     end
diff --git a/spec/requests/tags_controller_spec.rb b/spec/requests/tags_controller_spec.rb
index 53b1cf9..3dbaab4 100644
--- a/spec/requests/tags_controller_spec.rb
+++ b/spec/requests/tags_controller_spec.rb
@@ -707,6 +707,13 @@ describe TagsController do
           ['common1', 'common2', 'group1tag', 'group1tag2']
         )
       end
+
+      it 'returns error 400 for negative limit' do
+        get "/tags/filter/search.json", params: { q: '', limit: -1 }
+
+        expect(response.status).to eq(400)
+        expect(response.parsed_body['errors'].first).to eq(I18n.t('invalid_params', message: 'limit'))
+      end
     end
   end
 

GitHub sha: de243426

This commit appears in #10162 which was approved by ZogStriP. It was merged by OsamaSayegh.