Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce 65k character limit when attempting to update setting values. #3162

Merged
merged 14 commits into from
Nov 12, 2021

Conversation

grimmdude
Copy link
Contributor

Fixes #3081

Changes proposed in this pull request:

Throws a validation error if attempting to update setting values greater than 65k characters.

Reviewers should focus on:

Changing settings.

Screenshot

Screen Shot 2021-11-11 at 11 55 06 AM

Screen Shot 2021-11-11 at 11 55 13 AM

Necessity

  • Has the problem that is being solved here been clearly explained?
  • If applicable, have various options for solving this problem been considered?
  • For core PRs, does this need to be in core, or could it be in an extension?
  • Are we willing to maintain this for years / potentially forever?

Confirmed

  • Frontend changes: tested on a local Flarum installation.
  • Backend changes: tests are green (run composer test).
  • Core developer confirmed locally this works as intended.
  • Tests have been added, or are not appropriate here.

Copy link
Member

@askvortsov1 askvortsov1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR! I think it might be more consistent with our current approach if the validation logic was put into a listener for Saving::class rather than directly in the controller. ValidateCustomLess is an example of this. Please don't hesitate to ask if you have any questions!

Copy link
Member

@askvortsov1 askvortsov1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I didn't mention this previously, but it would be preferable to wrap logic in a class, maybe ValidateSettingLength?

Copy link
Member

@askvortsov1 askvortsov1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more comments, sorry for the back-and-forth:

@grimmdude
Copy link
Contributor Author

No problem @askvortsov1, thanks for the input.

@grimmdude
Copy link
Contributor Author

@askvortsov1, let me know what you think about that. Moved those settings event listeners to SettingsServiceProvider and used a more conventional approach for the new validation.

src/Settings/SettingsServiceProvider.php Outdated Show resolved Hide resolved
src/Settings/SettingsValidator.php Outdated Show resolved Hide resolved
@askvortsov1
Copy link
Member

@askvortsov1, let me know what you think about that. Moved those settings event listeners to SettingsServiceProvider and used a more conventional approach for the new validation.

Almost exactly what I intended, but in my previous comment I think I forgot to state that only the length validation logic should be moved; everything else is forum frontend dependent so it makes sense to keep it as is.

Copy link
Member

@askvortsov1 askvortsov1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@davwheat davwheat merged commit 5993c64 into flarum:master Nov 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Error accessing the forum after saving custom CSS with more than +68000 characters
4 participants