From 7b3f2b51c0ea735a4723fae24eff9bfbca254d8a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 19 Nov 2016 11:13:41 +0000
Subject: [PATCH] Add length validations for string fields (#24283).
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Patch by Felix Schäfer.
git-svn-id: http://svn.redmine.org/redmine/trunk@15989 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/custom_field.rb | 1 +
 app/models/repository.rb | 2 ++
 app/models/user.rb | 1 +
 app/models/version.rb | 2 +-
 app/models/wiki.rb | 1 +
 app/models/wiki_page.rb | 1 +
 6 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/models/custom_field.rb b/app/models/custom_field.rb
index 46d45813c..8936a6d66 100644
--- a/app/models/custom_field.rb
+++ b/app/models/custom_field.rb
@@ -32,6 +32,7 @@ class CustomField < ActiveRecord::Base
 validates_presence_of :name, :field_format
 validates_uniqueness_of :name, :scope => :type
 validates_length_of :name, :maximum => 30
+ validates_length_of :regexp, maximum: 30
 validates_inclusion_of :field_format, :in => Proc.new { Redmine::FieldFormat.available_formats }
 validate :validate_custom_field
 attr_protected :id
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 0a04b58e8..c563789b6 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -37,7 +37,9 @@ class Repository < ActiveRecord::Base
 # has_many :changesets, :dependent => :destroy is too slow for big repositories
 before_destroy :clear_changesets
+ validates_length_of :login, maximum: 60, allow_nil: true
 validates_length_of :password, :maximum => 255, :allow_nil => true
+ validates_length_of :root_url, :url, maximum: 255
 validates_length_of :identifier, :maximum => IDENTIFIER_MAX_LENGTH, :allow_blank => true
 validates_uniqueness_of :identifier, :scope => :project_id
 validates_exclusion_of :identifier, :in => %w(browse show entry raw changes annotate diff statistics graph revisions revision)
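Review bot: The cap added by `validates_length_of :regexp, maximum: 30` in the CustomField hunk limits how much pattern text is stored, but it says nothing about whether the pattern compiles or how expensive it is to match; a short pattern can still backtrack heavily on a long value. `validate :validate_custom_field` sits two lines below, but its body is outside the hunk, so whether the pattern is checked there cannot be confirmed from this diff. I would add a comment above the new line, `# 30 presumably mirrors the column width; this bounds storage, not matching cost`, and confirm that values matched against the pattern are length-limited as well.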
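Review bot: In the Repository hunk the two added lines are written as `maximum: 60, allow_nil: true` and `maximum: 255`, while the untouched neighbours use `:maximum => 255, :allow_nil => true`, and only one of the two new lines passes `allow_nil`. Mixing both hash styles and both nil conventions in adjacent validations makes it harder to see at a glance which credential and URL fields are bounded and under what conditions. I would match the file, e.g. `validates_length_of :login, :maximum => 60, :allow_nil => true`, and either add `:allow_nil => true` to the `:root_url, :url` line or drop it from `:login` if it is redundant for a maximum-only check. The same mix of hash styles appears in the added lines of the user.rb, wiki.rb and wiki_page.rb hunks; the class body continues outside this hunk.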
diff --git a/app/models/user.rb b/app/models/user.rb
index 1a6b621c0..81a2e7c77 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -111,6 +111,7 @@ class User < Principal
 validates_format_of :login, :with => /\A[a-z0-9_\-@\.]*\z/i
 validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
 validates_length_of :firstname, :lastname, :maximum => 30
+ validates_length_of :identity_url, maximum: 255
 validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
 validate :validate_password_length
 validate do
diff --git a/app/models/version.rb b/app/models/version.rb
index 2b82f7c5b..14428f605 100644
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -35,7 +35,7 @@ class Version < ActiveRecord::Base
 validates_presence_of :name
 validates_uniqueness_of :name, :scope => [:project_id]
 validates_length_of :name, :maximum => 60
- validates_length_of :description, :maximum => 255
+ validates_length_of :description, :wiki_page_title, :maximum => 255
 validates :effective_date, :date => true
 validates_inclusion_of :status, :in => VERSION_STATUSES
 validates_inclusion_of :sharing, :in => VERSION_SHARINGS
diff --git a/app/models/wiki.rb b/app/models/wiki.rb
index 188cb5b6c..e629baf9b 100644
--- a/app/models/wiki.rb
+++ b/app/models/wiki.rb
@@ -25,6 +25,7 @@ class Wiki < ActiveRecord::Base
 validates_presence_of :start_page
 validates_format_of :start_page, :with => /\A[^,\.\/\?\;\|\:]*\z/
+ validates_length_of :title, maximum: 255
 attr_protected :id
 before_destroy :delete_redirects
diff --git a/app/models/wiki_page.rb b/app/models/wiki_page.rb
index ae1e74cca..9922fa4be 100644
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
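Review bot: The added `validates_length_of :title, maximum: 255` in the wiki.rb hunk names `:title`, yet the two validations directly above it both constrain `:start_page`, and `:title` is the attribute validated in the wiki_page.rb hunk of this same patch. If Wiki has no `title` attribute of its own (most of the class body is outside the hunk, so this is inferred), `start_page` stays unbounded here and the validation may fail when it runs; the line probably should read `validates_length_of :start_page, maximum: 255`. The diffstat lists only model files, so a test that saves a Wiki with an over-long start page would be worth adding alongside.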
@@ -45,6 +45,7 @@ class WikiPage < ActiveRecord::Base
 validates_presence_of :title
 validates_format_of :title, :with => /\A[^,\.\/\?\;\|\s]*\z/
 validates_uniqueness_of :title, :scope => :wiki_id, :case_sensitive => false
+ validates_length_of :title, maximum: 255
 validates_associated :content
 attr_protected :id
-- 
2.39.5