As proposed in the documentation, kaminari methods are often called in the controller with "unsanitized" parameters from the params hash (e.g. User.order(:name).page params[:page]). However, this makes the app vulnerable to invalid input: a request with an array instead of an integer (e.g. ...?page=2) causes the app to raise an exception.
I suggest to handle invalid input values within kaminari and attach a fix for the per parameter.
Thanks for your consideration,
prevent per scope from crashing on invalid (user) input
Instead of just checking for Array, how about like this?
n = num.try(:to_i) rescue nil
else n <= 0
Unfortunately I disagree with this. There are many ways to raise an exception, I don't consider this a vulnerability.