Enforce 65k character limit when attempting to update setting values. #3162

Merged
merged 14 commits into from
Nov 12, 2021
Merged
12 changes: 12 additions & 0 deletions src/Settings/SettingsServiceProvider.php
@@ -10,7 +10,9 @@
namespace Flarum\Settings;

use Flarum\Foundation\AbstractServiceProvider;
use Flarum\Settings\Event\Saving;
use Illuminate\Contracts\Container\Container;
use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Database\ConnectionInterface;
use Illuminate\Support\Collection;

@@ -41,4 +43,14 @@ public function register()

$this->container->alias(SettingsRepositoryInterface::class, 'flarum.settings');
}

public function boot(Dispatcher $events, SettingsValidator $settingsValidator)
{
$events->listen(
Saving::class,
function (Saving $event) use ($settingsValidator) {
$settingsValidator->assertValid($event->settings);
}
);
}
}
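Review bot: The length limit is enforced only inside the `Saving` listener registered in `boot()`, so it covers only writes that dispatch that event. Any caller that writes through the repository bound as `flarum.settings` without firing `Saving` would presumably bypass the check; whether such callers exist is not visible from this page. `boot()` also has no docblock, so I would add one that states the scope, e.g. `/** Validate settings on the Saving event; writes that do not dispatch Saving are not checked. */`. If the limit is meant as a hard guarantee against oversized or truncated values, consider enforcing it in the repository's write path as well.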
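--- a/src/Settings/SettingsValidator.php
+++ b/src/Settings/SettingsValidator.php
@@ -0,0 +1,61 @@
+<?php
+
+/*
+* This file is part of Flarum.
+*
+* For detailed copyright and license information, please view the
+* LICENSE file that was distributed with this source code.
+*/
+
+namespace Flarum\Settings;
+
+use Flarum\Foundation\AbstractValidator;
+
+class SettingsValidator extends AbstractValidator
+{
+/**
+* @var array
+*/
+protected $rules = [];
+
+/**
+* These rules apply to all attributes.
+*
+* Entries in the default DB settings table are limited to 65,000
+* characters. We validate against this to avoid confusing errors.
+*
+* @var array
+*/
+protected $globalRules = [
+'max:65000',
+];
+
+/**
+* Make a new validator instance for this model.
+*
+* @param array $attributes
+* @return \Illuminate\Validation\Validator
+*/
+protected function makeValidator(array $attributes)
+{
+// Apply global rules first.
+$rules = array_map(function () {
+return $this->globalRules;
+}, $attributes);
+
+// Apply attribute specific rules.
+foreach ($rules as $key => $value) {
+if (array_key_exists($key, $this->rules)) {
+$rules[$key] = array_merge($rules[$key], $this->rules[$key]);
+}
+}
+
+$validator = $this->validator->make($attributes, $rules, $this->getMessages());
+
+foreach ($this->configuration as $callable) {
+$callable($this, $validator);
+}
+
+return $validator;
+}
+}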
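Review bot: The `max:65000` rule in `$globalRules` measures strings in characters, not bytes. If the settings column is bounded in bytes (a MySQL `TEXT` column holds 65,535 bytes), a value of up to 65,000 multi-byte characters passes validation and can still be rejected or silently truncated by the database, depending on SQL mode. The rule also has no accompanying `string` rule, so an array value would be measured by element count rather than length; whether settings can be arrays is not visible here. I would either apply a byte-length check in `makeValidator()` (comparing `strlen((string) $value)` with the limit) or correct the docblock on `$globalRules` to say the limit is in characters and only approximates the column size.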