diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go index 677c2f3b9d..6069714410 100644 --- a/modules/validation/helpers.go +++ b/modules/validation/helpers.go @@ -157,6 +157,10 @@ func IsValidFederatedRepoURLList(urls string) bool { return true } +func IsOfValidLength(str string) bool { + return len(str) <= 2048 +} + var ( validUsernamePatternWithDots = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`) validUsernamePatternWithoutDots = regexp.MustCompile(`^[\da-zA-Z][-\w]*$`) diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go index 6d8e0b7ead..6df98fb47a 100644 --- a/routers/web/repo/setting/setting.go +++ b/routers/web/repo/setting/setting.go @@ -197,6 +197,11 @@ func SettingsPost(ctx *context.Context) { case form.FederationRepos == "": repo.FederationRepos = "" // Validate + case !validation.IsOfValidLength(form.FederationRepos): // ToDo: Use for public testing only. In production we might need longer strings. + ctx.Data["ERR_FederationRepos"] = true + ctx.Flash.Error("The given string was larger than 2048 bytes") + ctx.Redirect(repo.Link() + "/settings") + return case validation.IsValidFederatedRepoURL(form.FederationRepos): repo.FederationRepos = form.FederationRepos default: @@ -205,7 +210,7 @@ func SettingsPost(ctx *context.Context) { ctx.Redirect(repo.Link() + "/settings") return } - // ToDo: Validate for max length before committing to db + if err := repo_service.UpdateRepository(ctx, repo, false); err != nil { ctx.ServerError("UpdateRepository", err) return