diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-29 21:34:15 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-29 21:34:15 +0000 |
commit | b01c7ad291a81bc23d2c3fe7266eaf05de6cb434 (patch) | |
tree | 87f9ce5d469b330aa336f675194d1ce11b4b38c2 /app/models | |
parent | a5b2a3786056ddf99de06c8315e9a42c3bf86cd5 (diff) | |
parent | 5af535d919c50951513f5859730afd924a01c29b (diff) | |
download | gitlab-ce-b01c7ad291a81bc23d2c3fe7266eaf05de6cb434.tar.gz |
Merge branch 'security-61974-limit-issue-comment-size' into 'master'
Limit the size of issuable description and comments
See merge request gitlab/gitlabhq!3267
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/concerns/issuable.rb | 1 | ||||
-rw-r--r-- | app/models/note.rb | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb index db46d7afbb9..eefe9f00836 100644 --- a/app/models/concerns/issuable.rb +++ b/app/models/concerns/issuable.rb @@ -73,6 +73,7 @@ module Issuable validates :author, presence: true validates :title, presence: true, length: { maximum: 255 } + validates :description, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT }, allow_blank: true validate :milestone_is_valid scope :authored, ->(user) { where(author_id: user) } diff --git a/app/models/note.rb b/app/models/note.rb index a12d1eb7243..79aad5cbff9 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -89,6 +89,7 @@ class Note < ApplicationRecord delegate :title, to: :noteable, allow_nil: true validates :note, presence: true + validates :note, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT } validates :project, presence: true, if: :for_project_noteable? # Attachments are deprecated and are handled by Markdown uploader |