From 8b19a369e4a2845d36b74f17cc6562c006fde9b6 Mon Sep 17 00:00:00 2001
From: Eduardo Navarro
Date: Tue, 18 Sep 2018 13:55:31 +0200
Subject: [PATCH] Validate input of comments, without null character

This prevents the creation of a comment with the null character, that would make the comment invalid for xml output.

Co-authored-by: Victor Pereira
---
 src/api/app/models/comment.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/api/app/models/comment.rb b/src/api/app/models/comment.rb
index fdf3c3efd7b..3348770088b 100644
--- a/src/api/app/models/comment.rb
+++ b/src/api/app/models/comment.rb
@@ -7,6 +7,8 @@ class Comment < ApplicationRecord
 validates :body, :commentable, :user, presence: true
 # FIXME: this probably should be MEDIUMTEXT(16MB) instead of text (64KB)
 validates :body, length: { maximum: 65_535 }
+ validates :body, format: { with: /\A[^\u0000]*\Z/,
+ message: 'must not contain null characters' }
 validate :validate_parent_id
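Review bot: The added format validation on `body` rejects only U+0000, but the commit message gives XML validity as the goal, and XML 1.0 also forbids the other C0 control characters (U+0001–U+0008, U+000B, U+000C, U+000E–U+001F), so a comment containing one of them would still pass this check. If the XML output path does not strip or escape them elsewhere (not visible here), widen the class, e.g. `with: /\A[^\u0000-\u0008\u000B\u000C\u000E-\u001F]*\z/` with a message such as `'must not contain control characters'`. `\z` is the stricter end anchor and the usual choice in validations, although with this character class `\Z` behaves the same. The diffstat shows only the model changed, so a model spec that saves a body containing a rejected character would pin the behaviour; the `Comment` class begins and ends outside this hunk.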