github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-27 03:53:45 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Limit length of edit reason column

Browse Source
This commit is contained in:
Penar Musaraj 2023-07-28 12:56:38 +01:00 committed by David Taylor
parent 6695d568ca
commit 23c2fd5efe
No known key found for this signature in database
GPG Key ID: 46904C18B1D3F434
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/models/post.rb
View File

@ -63,6 +63,7 @@ class Post < ActiveRecord::Base
has_many :post_hotlinked_media, dependent: :destroy, class_name: "PostHotlinkedMedia" has_many :post_hotlinked_media, dependent: :destroy, class_name: "PostHotlinkedMedia"
validates_with PostValidator, unless: :skip_validation validates_with PostValidator, unless: :skip_validation
validates :edit_reason, length: { maximum: 1000 }
after_commit :index_search after_commit :index_search

1
spec/models/post_spec.rb
View File

@ -57,6 +57,7 @@ RSpec.describe Post do
end end
it { is_expected.to validate_presence_of :raw } it { is_expected.to validate_presence_of :raw }
it { is_expected.to validate_length_of(:edit_reason).is_at_most(1000) }
# Min/max body lengths, respecting padding # Min/max body lengths, respecting padding
it { is_expected.not_to allow_value("x").for(:raw) } it { is_expected.not_to allow_value("x").for(:raw) }