mirror of
https://github.com/discourse/discourse.git
synced 2024-12-11 23:33:56 +08:00
d5745d34c2
When creating a group membership request, there is no character limit on the 'reason' field. This can be potentially be used by an attacker to create enormous amount of data in the database. Co-authored-by: Ted Johansson <ted@discourse.org>
11 lines
261 B
Ruby
11 lines
261 B
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe GroupRequest do
|
|
it { is_expected.to belong_to :user }
|
|
it { is_expected.to belong_to :group }
|
|
|
|
it do
|
|
is_expected.to validate_length_of(:reason).is_at_most(described_class::REASON_CHARACTER_LIMIT)
|
|
end
|
|
end
|