Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add size limit for all PreviewCard URLs (#30973)

Browse source
This commit is contained in:
David Roetzel 2024-07-09 15:11:34 +02:00 committed by GitHub
parent ef2e48e6da
commit 967505ee9b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 35 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/models/preview_card.rb
View file

@ -46,6 +46,11 @@ class PreviewCard < ApplicationRecord
y_comp: 4,
}.freeze
# URL size limit to safely store in PosgreSQL's unique indexes
# Technically this is a byte-size limit but we use it as a
# character limit to work with length validation
URL_CHARACTER_LIMIT = 2692
self.inheritance_column = false
enum :type, { link: 0, photo: 1, video: 2, rich: 3 }
@ -63,7 +68,7 @@ class PreviewCard < ApplicationRecord
convert_options: { all: '-quality 90 +profile "!icc,*" +set date:modify +set date:create +set date:timestamp' },
validate_media_type: false
validates :url, presence: true, uniqueness: true, url: true
validates :url, presence: true, uniqueness: true, url: true, length: { maximum: URL_CHARACTER_LIMIT }
validates_attachment_content_type :image, content_type: IMAGE_MIME_TYPES
validates_attachment_size :image, less_than: LIMIT
remotable_attachment :image, LIMIT