Fix color validation regex

Also prevents ReDoS vulnerability
author: Heinrich Lee Yu <heinrich@gitlab.com> 2019-06-12 17:48:38 +0300
committer: Heinrich Lee Yu <heinrich@gitlab.com> 2019-06-25 04:06:26 +0300
commit: 717824144f8181bef524592eab882dd7525a60ef (patch)
tree: 34ab75284acca146e6aa0a5f16429e485e81cb97 /app/validators
parent: db9783f7826ed5ba58a8941dd80a1cd7dda517b0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/validators/color_validator.rb b/app/validators/color_validator.rb
index 1932d042e83..974dfbbf394 100644
--- a/app/validators/color_validator.rb
+++ b/app/validators/color_validator.rb
@@ -12,7 +12,7 @@
 #   end
 #
 class ColorValidator < ActiveModel::EachValidator
-  PATTERN = /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/.freeze
+  PATTERN = /\A\#(?:[0-9A-Fa-f]{3}){1,2}\Z/.freeze
 
   def validate_each(record, attribute, value)
     unless value =~ PATTERN
author	Heinrich Lee Yu <heinrich@gitlab.com>	2019-06-12 17:48:38 +0300
committer	Heinrich Lee Yu <heinrich@gitlab.com>	2019-06-25 04:06:26 +0300
commit	717824144f8181bef524592eab882dd7525a60ef (patch)
tree	34ab75284acca146e6aa0a5f16429e485e81cb97 /app/validators
parent	db9783f7826ed5ba58a8941dd80a1cd7dda517b0 (diff)