-
-
Notifications
You must be signed in to change notification settings - Fork 835
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce 65k character limit when attempting to update setting values. #3162
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR! I think it might be more consistent with our current approach if the validation logic was put into a listener for Saving::class
rather than directly in the controller. ValidateCustomLess
is an example of this. Please don't hesitate to ask if you have any questions!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I didn't mention this previously, but it would be preferable to wrap logic in a class, maybe ValidateSettingLength
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few more comments, sorry for the back-and-forth:
- We register
ValidateCustomLess
in theForumServiceProvider
because it's diretly relevant to the forum frontend (custom LESS isn't used on the forum side). However, I think it would be better to register this code in the SettingsServiceProvider, as this validation logic applies to all settings. - As a convention, all our validators extend
AbstractValidator
(https://github.com/flarum/core/blob/312ff057f85d79548c35ec0f57459382d2f0d378/src/Foundation/AbstractValidator.php#L17-L17). I would prefer to either follow this pattern here, or for the new class to be an event listener (via invokable class).
No problem @askvortsov1, thanks for the input. |
…ention for validator.
@askvortsov1, let me know what you think about that. Moved those settings event listeners to |
Almost exactly what I intended, but in my previous comment I think I forgot to state that only the length validation logic should be moved; everything else is forum frontend dependent so it makes sense to keep it as is. |
Co-authored-by: Alexander Skvortsov <[email protected]>
…ic setting validation rules.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Fixes #3081
Changes proposed in this pull request:
Throws a validation error if attempting to update setting values greater than 65k characters.
Reviewers should focus on:
Changing settings.
Screenshot
Necessity
Confirmed
composer test
).