From a4bd30b24219e13f487adcbb96ac086f0c6083dd Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Fri, 23 May 2025 20:18:36 +0100
Subject: [PATCH] Limit diary comments to 64Kb
---
 app/models/diary_comment.rb | 2 +-
 test/models/diary_comment_test.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/app/models/diary_comment.rb b/app/models/diary_comment.rb
index 539e7532c..582554892 100644
--- a/app/models/diary_comment.rb
+++ b/app/models/diary_comment.rb
@@ -29,7 +29,7 @@ class DiaryComment < ApplicationRecord
 scope :visible, -> { where(:visible => true) }
- validates :body, :presence => true, :characters => true
+ validates :body, :presence => true, :characters => true, :length => 1..65536
 validates :diary_entry, :user, :associated => true
 after_save :spam_check
diff --git a/test/models/diary_comment_test.rb b/test/models/diary_comment_test.rb
index c40d5eb03..9e45e43f9 100644
--- a/test/models/diary_comment_test.rb
+++ b/test/models/diary_comment_test.rb
@@ -11,4 +11,13 @@ class DiaryCommentTest < ActiveSupport::TestCase
 assert_not comment.valid?
 assert_not_nil comment.errors[:body], "no validation error for missing body"
 end
+
+ test "body must not be too long" do
+ comment = build(:diary_comment, :body => "x" * 65536)
+ assert_predicate comment, :valid?
+
+ comment = build(:diary_comment, :body => "x" * 65537)
+ assert_not_predicate comment, :valid?
+ assert_not_nil comment.errors[:body], "no validation error for body too long"
+ end
 end
--
2.39.5
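Review bot: The new `:length => 1..65536` on `validates :body` counts characters, not bytes, so the "64Kb" in the commit title holds only for single-byte text; a body of 65536 four-byte characters still passes at roughly 256 KiB. If the cap is meant to bound storage or rendering cost, state the unit next to the rule, e.g. `# limit is in characters; multibyte bodies can be up to 4x larger in bytes`, or validate `body.bytesize` instead. Comments stored before this change that exceed the limit will presumably fail validation on any later validated save, which is worth checking against the code paths that hide or moderate comments. The DiaryComment class starts and ends outside the hunk.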
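Review bot: `assert_not_nil comment.errors[:body]` in the new test cannot fail, because `errors[:body]` returns an empty array rather than nil when the attribute has no error; the existing missing-body assertion shown as context has the same weakness. The preceding `assert_not_predicate comment, :valid?` does catch the invalid record, but nothing ties the failure to `body`, so a regression in the length rule could be masked by an unrelated validation error. Use `assert_not_empty comment.errors[:body], "no validation error for body too long"` instead. The test covers only ASCII input, so a multibyte case at the boundary would also pin down that the limit is in characters. The test class starts outside the hunk.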