Validate input of comments, without null character

This prevents the creation of a comment with the null character, that would make the comment invalid for xml output. Co-authored-by: Victor Pereira <vpereira@suse.com>
openSUSE · Sep 18, 2018 · 8b19a36 · 8b19a36
1 parent 76f9212
commit 8b19a36
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/api/app/models/comment.rb b/src/api/app/models/comment.rb
@@ -7,6 +7,8 @@ class Comment < ApplicationRecord
   validates :body, :commentable, :user, presence: true
   # FIXME: this probably should be MEDIUMTEXT(16MB) instead of text (64KB)
   validates :body, length: { maximum: 65_535 }
+  validates :body, format: { with:    /\A[^\u0000]*\Z/,
+                             message: 'must not contain null characters' }
 
   validate :validate_parent_id