diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-26 10:43:03 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-26 10:43:03 +0300 |
commit | a9ff1532818814fd9645fa8c673b3018ea1f91c6 (patch) | |
tree | b2c6030db514e94e281a1715ab9c5845a7f30825 /app | |
parent | 71636fed6e048b41cc595871bea412d6e75c56ea (diff) | |
parent | dcae7fab92a93f3750831b4e70e9b61d3c064b83 (diff) |
Merge branch 'security-61974-limit-issue-comment-size-12-1' into '12-1-stable'
Limit the size of issuable description and comments
See merge request gitlab/gitlabhq!3271
Diffstat (limited to 'app')
-rw-r--r-- | app/models/concerns/issuable.rb | 1 | ||||
-rw-r--r-- | app/models/note.rb | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb index 952de92cae1..052d1678bc2 100644 --- a/app/models/concerns/issuable.rb +++ b/app/models/concerns/issuable.rb @@ -73,6 +73,7 @@ module Issuable validates :author, presence: true validates :title, presence: true, length: { maximum: 255 } + validates :description, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT }, allow_blank: true validate :milestone_is_valid scope :authored, ->(user) { where(author_id: user) } diff --git a/app/models/note.rb b/app/models/note.rb index 9485f1037c1..3cc6d46a5e0 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -85,6 +85,7 @@ class Note < ApplicationRecord delegate :title, to: :noteable, allow_nil: true validates :note, presence: true + validates :note, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT } validates :project, presence: true, if: :for_project_noteable? # Attachments are deprecated and are handled by Markdown uploader |