SECURITY: Limit length of edit reason column

2024-11-26 23:13:48 +08:00 · 2023-07-28 12:56:38 +01:00 · 2023-07-28 12:56:38 +01:00 · 23c2fd5efe
commit 23c2fd5efe
parent 6695d568ca
2 changed files with 2 additions and 0 deletions
--- a/app/models/post.rb
+++ b/app/models/post.rb
@ -63,6 +63,7 @@ class Post < ActiveRecord::Base
  has_many :post_hotlinked_media, dependent: :destroy, class_name: "PostHotlinkedMedia"

  validates_with PostValidator, unless: :skip_validation
+  validates :edit_reason, length: { maximum: 1000 }

  after_commit :index_search

--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@ -57,6 +57,7 @@ RSpec.describe Post do
  end

  it { is_expected.to validate_presence_of :raw }
+  it { is_expected.to validate_length_of(:edit_reason).is_at_most(1000) }

  # Min/max body lengths, respecting padding
  it { is_expected.not_to allow_value("x").for(:raw) }