FIX: Using #to_i is not enough when checking if a string is an integer

diff --git a/plugin.rb b/plugin.rb
index 602592a..e8e682a 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -68,12 +68,13 @@ after_initialize do
     def default
       raise ActionController::RoutingError.new('Not Found') unless SiteSetting.sitemap_enabled
       prepend_view_path "plugins/discourse-sitemap/app/views/"
+      raw_page = params[:page]
 
-      if params[:page].to_i < 1
+      if raw_page.to_i < 1 || raw_page.to_i.to_s != raw_page
         raise ActionController::RoutingError.new('Not Found')
       end
 
-      page = Integer(params.require(:page))
+      page = Integer(raw_page)
       sitemap(page)
     end
 
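Review bot: The guard on the `if raw_page.to_i < 1 || raw_page.to_i.to_s != raw_page` line calls `to_i` twice, and `Integer(raw_page)` then parses the same string a third time. Once the round-trip comparison has passed, `raw_page.to_i` already is the page number, so consider computing `page = raw_page.to_i` once before the `if` and passing that to `sitemap(page)`. The round-trip expression would also benefit from a one-line comment stating that it rejects anything other than the canonical decimal form (trailing characters, leading zeros), since that intent is not obvious at a glance. Dropping `params.require(:page)` looks safe, because a missing parameter gives `nil.to_i == 0` and falls into the 404 branch.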
diff --git a/spec/requests/sitemap_controller_spec.rb b/spec/requests/sitemap_controller_spec.rb
new file mode 100644
index 0000000..b60f726
--- /dev/null
+++ b/spec/requests/sitemap_controller_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe DiscourseSitemap::SitemapController do
+  describe '#default' do
+    it 'does not fail then page is a string starting with a number' do
+      get '/sitemap_1asd.xml'
+
+      expect(response.status).to eq(404)
+    end
+  end
+end
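Review bot: The example name on the `it 'does not fail then page is a string starting with a number'` line has a typo ("then" for "when") and says "does not fail" while the assertion is that the response is a 404; a name such as 'returns 404 when page is a string starting with a number' matches what is checked. The spec only exercises `/sitemap_1asd.xml`, so a case with a valid page number and a case with page 0 would cover both sides of the new condition and guard against the check rejecting legitimate requests.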

GitHub sha: 6c8568eb

Could we do this in a route constraint instead? It’s generally better because Rails will never even hit the route if that’s the case.
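The checks discussed on this page, compared side by side on constructed inputs. This is an added example, not code from the plugin or from either participant; the method names and `PAGE_PATTERN` are hypothetical, and the pattern is an assumption about what a route constraint for a positive page number would look like.

```ruby
# Added example; the sample inputs are constructed. Plain Ruby, no Rails needed.

# Check before the patch: #to_i stops at the first non-digit, so "1asd" => 1.
def old_check(raw)
  raw.to_i >= 1
end

# Check from the patch: the value must also round-trip through to_i.to_s.
def patched_check(raw)
  raw.to_i >= 1 && raw.to_i.to_s == raw
end

# Pattern a route constraint could use (assumption: positive decimal, no
# leading zeros). Rails anchors constraint regexes itself; in plain Ruby the
# anchors must be \A and \z, because ^ and $ match at every line break.
PAGE_PATTERN = /\A[1-9]\d*\z/

def pattern_check(raw)
  raw.is_a?(String) && PAGE_PATTERN.match?(raw)
end

# What Integer() does with the same input once a check has let it through.
def integer_result(raw)
  Integer(raw)
rescue ArgumentError, TypeError
  :error
end

SAMPLES = ["1", "42", "1asd", "01", "0", "-3", "1_000", "0x10", " 7", "7\n", "", nil].freeze

def compare(samples = SAMPLES)
  samples.map do |raw|
    { input: raw, old: old_check(raw), patched: patched_check(raw),
      pattern: pattern_check(raw), integer: integer_result(raw) }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |row|
    puts format("%-8s old=%-5s patched=%-5s pattern=%-5s Integer()=%s",
                row[:input].inspect, row[:old], row[:patched], row[:pattern], row[:integer].inspect)
  end
end
```

Of these samples, only `"1asd"` passes the old check and then makes `Integer()` raise, which is the case the new spec covers; the patched check and the anchored pattern accept exactly the same inputs.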