Bug 1290588 - Group Administration via interface should error if regu…

…lar expression size is greater than column length
bugzilla · Oct 6, 2016 · 8171193 · 8171193
1 parent 63f79c6
commit 8171193
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 0 deletions.
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
@@ -1189,6 +1189,24 @@ sub bz_table_list_real {
     return @{$self->selectcol_arrayref($table_sth, { Columns => [3] })};
 }
 
+sub bz_column_length {
+    my ( $self, $table, $column ) = @_;
+    state %column_length;
+
+    if ( not exists $column_length{$table} ) {
+        my $csr = $self->column_info( undef, undef, $table, undef );
+        my $cols =
+          $csr->fetchall_arrayref( { COLUMN_NAME => 1, COLUMN_SIZE => 1 } );
+
+        foreach my $col (@$cols) {
+            $column_length{$table}{ $col->{COLUMN_NAME} } = $col->{COLUMN_SIZE}
+              // MAX_INT_32;
+        }
+    }
+
+    return $column_length{$table}{$column} // 0;
+}
+
 #####################################################################
 # Transaction Methods
 #####################################################################
@@ -2339,6 +2357,38 @@ Last inserted ID (scalar)
 
 =back
 
+=over
+
+=item C<bz_column_length>
+
+=over
+
+=item B<Description>
+
+Returns the length of the specified column as specified by the database
+
+only really useful for text based strings.
+This implementation uses DBI's
+L<column_info|https://metacpan.org/pod/DBI#column_info>.
+
+=item B<Params>
+
+=over
+
+=item C<$table> - name of table (scalar)
+
+=item C<$column> - name of column type (scalar)
+
+=back
+
+=item B<Returns>
+
+The length of the field, 0 if it does not exist.
+
+=back
+
+=back
+
 =head2 Database Setup Methods
 
 These methods are used by the Bugzilla installation programs to set up

diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
@@ -482,6 +482,12 @@ sub _check_description {
 sub _check_user_regexp {
     my ($invocant, $regex) = @_;
     $regex = trim($regex) || '';
+
+    my $max_length = Bugzilla->dbh->bz_column_length( 'groups', 'userregexp' );
+    ThrowUserError( "group_regexp_too_long",
+        { text => $regex, max_length => $max_length } )
+      if length($regex) > $max_length;
+
     ThrowUserError("invalid_regexp") unless (eval {qr/$regex/});
     return $regex;
 }

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
@@ -900,6 +900,13 @@
     or you are not allowed to remove [% terms.bugs %] from this group in the
     '[% product FILTER html %]' product.
 
+  [% ELSIF error == "group_regexp_too_long" %]
+    [% title = "Group Regular Expression Too Long" %]
+    The text you entered in the regular expression
+    field is too long ([% text.length FILTER html %] characters,
+    above the maximum length allowed of
+    [%+ max_length FILTER none %] characters).
+
   [% ELSIF error == "group_restriction_not_allowed" %]
     [% title = "Group Restriction Not Allowed" %]
     You tried to restrict [% bug_id ? "$terms.bug $bug_id" : terms.abug FILTER html %]