From 77c25dca8c9b60c2fd8dae6eeee1405ec24edf27 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Tue, 19 Jan 2016 00:20:27 +0000 Subject: [PATCH] Validate characters in changeset comments Fixes #1135 Closes #1139 --- app/models/changeset_comment.rb | 1 + test/models/changeset_comment_test.rb | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/app/models/changeset_comment.rb b/app/models/changeset_comment.rb index ec563d6c7..2fedadff0 100644 --- a/app/models/changeset_comment.rb +++ b/app/models/changeset_comment.rb @@ -7,6 +7,7 @@ class ChangesetComment < ActiveRecord::Base validates :changeset, :presence => true, :associated => true validates :author, :presence => true, :associated => true validates :visible, :inclusion => [true, false] + validates :body, :format => /\A[^\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\ufffe\uffff]*\z/ # Return the comment text def body diff --git a/test/models/changeset_comment_test.rb b/test/models/changeset_comment_test.rb index 2e09bb884..10901f701 100644 --- a/test/models/changeset_comment_test.rb +++ b/test/models/changeset_comment_test.rb @@ -1,3 +1,4 @@ +# -*- coding: utf-8 -*- require "test_helper" class ChangesetCommentTest < ActiveSupport::TestCase @@ -38,4 +39,23 @@ class ChangesetCommentTest < ActiveSupport::TestCase def test_comments_of_changeset_count assert_equal 3, Changeset.find(changesets(:normal_user_closed_change).id).comments.count end + + def test_body_valid + ok = %W(Name vergrößern foo\nbar + ルシステムにも対応します 輕觸搖晃的遊戲) + bad = ["foo\x00bar", "foo\x08bar", "foo\x1fbar", "foo\x7fbar", + "foo\ufffebar", "foo\uffffbar"] + + ok.each do |body| + changeset_comment = changeset_comments(:normal_comment_1) + changeset_comment.body = body + assert changeset_comment.valid?, "#{body} is invalid, when it should be" + end + + bad.each do |body| + changeset_comment = changeset_comments(:normal_comment_1) + changeset_comment.body = body + assert !changeset_comment.valid?, "#{body} is valid when it shouldn't be" + end + end end -- 2.45.1