FIX: Enforce max length for custom user fields
This commit is contained in:
parent
9264a7914f
commit
8186d86f38
|
@ -1,6 +1,6 @@
|
|||
<label>{{{field.name}}}</label>
|
||||
<div class='controls'>
|
||||
{{input value=value}}
|
||||
{{input value=value maxlength=site.user_field_max_length}}
|
||||
{{#if field.required}}<span class='required'>*</span>{{/if}}
|
||||
<p>{{{field.description}}}</p>
|
||||
</div>
|
||||
|
|
|
@ -70,6 +70,7 @@ class UsersController < ApplicationController
|
|||
UserField.where(editable: true).each do |f|
|
||||
val = params[:user_fields][f.id.to_s]
|
||||
val = nil if val === "false"
|
||||
val = val[0...UserField.max_length] if val
|
||||
|
||||
return render_json_error(I18n.t("login.missing_user_field")) if val.blank? && f.required?
|
||||
params[:custom_fields]["user_field_#{f.id}"] = val
|
||||
|
@ -221,7 +222,7 @@ class UsersController < ApplicationController
|
|||
if field_val.blank?
|
||||
return fail_with("login.missing_user_field") if f.required?
|
||||
else
|
||||
fields["user_field_#{f.id}"] = field_val
|
||||
fields["user_field_#{f.id}"] = field_val[0...UserField.max_length]
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
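Review bot: The truncation on `val = val[0...UserField.max_length] if val` assumes `val` is a String, but `params[:user_fields][f.id.to_s]` comes straight from the request and Rack's nested-parameter syntax can deliver an Array or Hash there; `Array#[]` with a range returns a sub-array and `Hash#[]` returns nil, so a non-string value passes the truncation untouched and is written into `params[:custom_fields]`. Discarding anything that is not a string before slicing closes that gap and folds in the existing `=== "false"` check on the previous line: `val = nil unless val.is_a?(String) && val != "false"`. The same assumption is in the second hunk at `fields["user_field_#{f.id}"] = field_val[0...UserField.max_length]`, where `field_val.blank?` still lets a non-empty array through. Both enclosing controller methods start and end outside the hunks. Note also that `String#[]` slices by character, not byte, so if the custom_fields column has a byte limit the stored value can still exceed it for multibyte input — worth confirming against the schema.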
@ -1,5 +1,9 @@
|
|||
class UserField < ActiveRecord::Base
|
||||
validates_presence_of :name, :description, :field_type
|
||||
|
||||
def self.max_length
|
||||
2048
|
||||
end
|
||||
end
|
||||
|
||||
# == Schema Information
|
||||
|
|
|
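Review bot: `def self.max_length` returns a bare `2048` with no explanation of the unit or of why this value was chosen; a reader of `user_field.rb` cannot tell whether the limit is characters or bytes, or whether a database column size motivates it. Hoisting it into a named, documented constant keeps the class method as the public accessor: `# Maximum accepted length of a user-field value, in characters (the controller slices with String#[], which counts codepoints).`, `MAX_LENGTH = 2048`, `def self.max_length; MAX_LENGTH; end`. If the value is meant to track a column constraint, say so in the comment so the two do not drift silently.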
@ -10,7 +10,8 @@ class SiteSerializer < ApplicationSerializer
|
|||
:anonymous_top_menu_items,
|
||||
:uncategorized_category_id, # this is hidden so putting it here
|
||||
:is_readonly,
|
||||
:disabled_plugins
|
||||
:disabled_plugins,
|
||||
:user_field_max_length
|
||||
|
||||
has_many :categories, serializer: BasicCategorySerializer, embed: :objects
|
||||
has_many :post_action_types, embed: :objects
|
||||
|
@ -19,7 +20,6 @@ class SiteSerializer < ApplicationSerializer
|
|||
has_many :archetypes, embed: :objects, serializer: ArchetypeSerializer
|
||||
has_many :user_fields, embed: :objects, serialzer: UserFieldSerializer
|
||||
|
||||
|
||||
def default_archetype
|
||||
Archetype.default
|
||||
end
|
||||
|
@ -56,4 +56,8 @@ class SiteSerializer < ApplicationSerializer
|
|||
Discourse.disabled_plugin_names
|
||||
end
|
||||
|
||||
def user_field_max_length
|
||||
UserField.max_length
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -596,6 +596,15 @@ describe UsersController do
|
|||
expect(inserted.custom_fields["user_field_#{optional_field.id}"]).to eq('value3')
|
||||
end
|
||||
|
||||
it "trims excessively long fields" do
|
||||
create_params[:user_fields][optional_field.id.to_s] = ('x' * 3000)
|
||||
xhr :post, :create, create_params.merge(create_params)
|
||||
expect(response).to be_success
|
||||
inserted = User.where(email: @user.email).first
|
||||
|
||||
val = inserted.custom_fields["user_field_#{optional_field.id}"]
|
||||
expect(val.length).to eq(UserField.max_length)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -984,6 +993,11 @@ describe UsersController do
|
|||
expect(response).not_to be_success
|
||||
expect(user.user_fields[user_field.id.to_s]).not_to eq('happy')
|
||||
end
|
||||
|
||||
it "trims excessively large fields" do
|
||||
put :update, username: user.username, name: 'Jim Tom', user_fields: { user_field.id.to_s => ('x' * 3000) }
|
||||
expect(user.user_fields[user_field.id.to_s].size).to eq(UserField.max_length)
|
||||
end
|
||||
end
|
||||
|
||||
context "uneditable field" do
|
||||
|
|
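Review bot: `xhr :post, :create, create_params.merge(create_params)` merges the hash with itself, which is a no-op and reads like a copy-paste slip; `xhr :post, :create, create_params` says the same thing. Neither new example covers the boundary: a value of exactly `UserField.max_length` characters should pass through unchanged, and a multibyte string (a constructed example: `'é' * 3000`) would pin that the limit is enforced in characters rather than bytes, which is what `String#[]` in the controller actually does. In the update example, `user.user_fields[...]` is read without a visible `reload`; if `user` is the in-memory record built by the spec, confirm it reflects the persisted value rather than the pre-request state. The enclosing `describe` blocks start outside the hunks.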