Changed files:
plugins/chat/app/controllers/incoming_chat_webhooks_controller.rb: 5 changes: 2 additions & 3 deletions
plugins/chat/spec/components/chat_message_updater_spec.rb: 48 changes: 36 additions & 12 deletions
plugins/chat/spec/requests/incoming_chat_webhooks_controller_spec.rb: 4 changes: 2 additions & 2 deletions
SECURITY: Limit chat message char length (#19207)
Only allow a maximum of 6000 characters for chat messages when they are created or edited. A hidden setting can control this limit; 6000 is the default. There is also a migration here to truncate any existing messages to 6000 characters if the message is already over that and if the chat_messages table exists. We also set cooked_version to NULL for those messages so we can identify them for rebake.
Parent: a71f6cf
Commit: 3de765c
Showing 8 changed files with 99 additions and 17 deletions.
plugins/chat/db/post_migrate/20221117052348_truncate_chat_messages_over_max_length.rb: 20 changes: 20 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| class TruncateChatMessagesOverMaxLength < ActiveRecord::Migration[7.0] | ||
| def up | ||
| if table_exists?(:chat_messages) | ||
| # 6000 is the default of the chat_maximum_message_length | ||
| # site setting, its safe to do this because this will be | ||
| # run the first time the setting is introduced. | ||
| execute <<~SQL | ||
| UPDATE chat_messages | ||
| SET message = LEFT(message, 6000), cooked_version = NULL | ||
| WHERE LENGTH(message) > 6000 | ||
| SQL | ||
| end | ||
| end | ||
|
|
||
| def down | ||
| raise ActiveRecord::IrreversibleMigration | ||
| end | ||
| end |
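Review bot: the migration hardcodes 6000 in both LEFT(message, 6000) and WHERE LENGTH(message) > 6000, but the comment only says it is the default of the chat_maximum_message_length site setting; since this post_migrate is meant to run exactly once when the setting is introduced, the comment should state that the value is deliberately frozen here rather than read from the setting, so a later change to the default does not tempt anyone to edit a shipped migration or assume rows above a lower admin-chosen limit were truncated. The comment should also record why cooked_version = NULL is set alongside the truncation (to mark the affected rows for rebake, as the commit message explains), and that the truncation is lossy, which is why down raises ActiveRecord::IrreversibleMigration. Minor: "its safe" should read "it's safe".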