From bbd9d0d0b372d85d97b40129b0eb76cae1a00251 Mon Sep 17 00:00:00 2001 From: kolaente Date: Sun, 23 Mar 2025 18:03:29 +0100 Subject: [PATCH] fix(comment): add validation check for the max comment length Resolves https://vikunja.sentry.io/issues/6441922105/events/245b8f1de3e64951a108e2f6cb654c58/ --- pkg/models/task_comments.go | 3 +-- pkg/routes/validation.go | 23 +++++++++++++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/pkg/models/task_comments.go b/pkg/models/task_comments.go index 21b92b034..97574f31c 100644 --- a/pkg/models/task_comments.go +++ b/pkg/models/task_comments.go @@ -20,7 +20,6 @@ import ( "time" "code.vikunja.io/api/pkg/db" - "code.vikunja.io/api/pkg/events" "code.vikunja.io/api/pkg/user" "code.vikunja.io/api/pkg/web" @@ -32,7 +31,7 @@ import ( // TaskComment represents a task comment type TaskComment struct { ID int64 `xorm:"autoincr pk unique not null" json:"id" param:"commentid"` - Comment string `xorm:"text not null" json:"comment"` + Comment string `xorm:"text not null" json:"comment" valid:"dbtext,required"` AuthorID int64 `xorm:"not null" json:"-"` Author *user.User `xorm:"-" json:"author"` TaskID int64 `xorm:"not null" json:"-" param:"task"` diff --git a/pkg/routes/validation.go b/pkg/routes/validation.go index 34bba04e6..911a251fa 100644 --- a/pkg/routes/validation.go +++ b/pkg/routes/validation.go @@ -17,6 +17,9 @@ package routes import ( + "strings" + + "code.vikunja.io/api/pkg/config" "code.vikunja.io/api/pkg/models" "github.com/asaskevich/govalidator" 
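Review bot: In the TaskComment hunk the new tag is `valid:"dbtext,required"`, and the `required` half is a behaviour change the commit message does not mention: an empty comment would presumably now fail validation, where before the field carried no validation tag at all. If that is intended, a field comment such as `// Comment must be non-empty and fit the database TEXT column (enforced by the dbtext validator)` would record it. The struct definition continues past the end of the hunk, so its other fields are not visible here.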
@@ -26,9 +29,25 @@ import (
 type CustomValidator struct{}
 func init() {
- govalidator.TagMap["time"] = govalidator.Validator(func(str string) bool {
+ govalidator.TagMap["time"] = func(str string) bool {
 return govalidator.IsTime(str, "15:04")
- })
+ }
+
+ // Custom validator for database TEXT fields that adapts to the database being used
+ govalidator.TagMap["dbtext"] = func(str string) bool {
+ // Get the current database dialect
+ dialect := strings.ToLower(config.DatabaseType.GetString())
+
+ // Default limit for MySQL and unknown databases (65KB safely under TEXT limit)
+ maxLength := 65000
+
+ // For databases that support larger text fields
+ if dialect == "postgres" || dialect == "sqlite" || dialect == "sqlite3" {
+ maxLength = 1048576 // ~1MB limit for PostgreSQL and SQLite
+ }
+
+ return len(str) <= maxLength
+ }
 }
 // Validate validates stuff
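Review bot: The two `dbtext` limits are unnamed literals, and their comments blur two different things. 65000 tracks a real column limit (MySQL `TEXT` holds 65,535 bytes, and `len(str)` counts bytes, so the comparison is in the right unit), while 1048576 is an application-chosen cap, since neither PostgreSQL nor SQLite limits a text column anywhere near 1 MiB. I would say so at the literal, e.g. `maxLength = 1048576 // application cap of 1 MiB, not a database limit`, and add `// len counts bytes, the unit MySQL's TEXT limit is defined in` above the return. This check also runs only once the value has been decoded into the struct, so it keeps oversized values out of the database but does not bound what the server reads; whether a request body-size limit sits in front of it is not visible in this hunk.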