From a4bd30b24219e13f487adcbb96ac086f0c6083dd Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Fri, 23 May 2025 20:18:36 +0100
Subject: [PATCH] Limit diary comments to 64Kb

---
 app/models/diary_comment.rb       | 2 +-
 test/models/diary_comment_test.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/models/diary_comment.rb b/app/models/diary_comment.rb
index 539e7532c..582554892 100644
--- a/app/models/diary_comment.rb
+++ b/app/models/diary_comment.rb
@@ -29,7 +29,7 @@ class DiaryComment < ApplicationRecord
 
   scope :visible, -> { where(:visible => true) }
 
-  validates :body, :presence => true, :characters => true
+  validates :body, :presence => true, :characters => true, :length => 1..65536
   validates :diary_entry, :user, :associated => true
 
   after_save :spam_check
diff --git a/test/models/diary_comment_test.rb b/test/models/diary_comment_test.rb
index c40d5eb03..9e45e43f9 100644
--- a/test/models/diary_comment_test.rb
+++ b/test/models/diary_comment_test.rb
@@ -11,4 +11,13 @@ class DiaryCommentTest < ActiveSupport::TestCase
     assert_not comment.valid?
     assert_not_nil comment.errors[:body], "no validation error for missing body"
   end
+
+  test "body must not be too long" do
+    comment = build(:diary_comment, :body => "x" * 65536)
+    assert_predicate comment, :valid?
+
+    comment = build(:diary_comment, :body => "x" * 65537)
+    assert_not_predicate comment, :valid?
+    assert_not_nil comment.errors[:body], "no validation error for body too long"
+  end
 end
-- 
2.39.5