From ecabefba1906526bf4038fa8c642688f93dbeb3e Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Wed, 30 Jul 2014 13:26:54 +0300
Subject: More strict validation for label title

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/models/label.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'app/models/label.rb')

diff --git a/app/models/label.rb b/app/models/label.rb
index 31f68c31e5c..ea1daa6a204 100644
--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -2,9 +2,11 @@ class Label < ActiveRecord::Base
   belongs_to :project
   has_many :label_links, dependent: :destroy
 
-  validates :color, format: { with: /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/ }, allow_blank: true
+  validates :color, format: { with: /\A\#[0-9A-Fa-f]{6}+\Z/ }, allow_blank: true
   validates :project, presence: true
-  validates :title, presence: true
+
+  # Dont allow '?', '&', and ',' for label titles
+  validates :title, presence: true, format: { with: /\A[^&\?,&]*\z/ }
 
   def name
     title
-- 
cgit v1.2.1