SECURITY: Limit chat message char length (#19207)

Only allow a maximum of 6000 characters for chat messages when they
are created or edited. A hidden setting can control this limit;
6000 is the default.

There is also a migration here to truncate any existing messages to
6000 characters if the message is already over that and if the
chat_messages table exists. We also set cooked_version to NULL
for those messages so we can identify them for rebake.
Martin Brennan
2022-11-28 10:48:30 +10:00
committed by GitHub
parent a71f6cf09b
commit 3de765c895
8 changed files with 99 additions and 17 deletions
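The commit message describes two pieces of behaviour: a character-count limit enforced on create and edit, controlled by a setting that defaults to 6000, and a one-off truncation that clears cooked_version so the affected rows can be rebaked. The Ruby below is an added illustration of both rules, written for this page; it is not Discourse code and not the diff in this commit. The module name ChatMessageLength, the Message struct, the DEFAULT_CHAT_MAX_MESSAGE_LENGTH constant and the `max:` keyword are assumptions standing in for the real model, setting and validation hooks. It also makes explicit a point the message leaves implicit: the limit is counted in Unicode characters (String#length), which matches Postgres LENGTH() on a text column, rather than in bytes.

```ruby
# frozen_string_literal: true
# Added example, not Discourse code. Names below are assumptions chosen for
# illustration: DEFAULT_CHAT_MAX_MESSAGE_LENGTH stands in for the hidden site
# setting, Message for the chat_messages row, ChatMessageLength for the guard.

DEFAULT_CHAT_MAX_MESSAGE_LENGTH = 6000

module ChatMessageLength
  # Minimal stand-in for a chat_messages row (id, raw markdown, cooked_version).
  Message = Struct.new(:id, :message, :cooked_version)

  # Create/edit guard. Returns nil when the message is acceptable, otherwise a
  # human-readable error. Counts characters, not bytes, so a 6000-character
  # message full of multibyte text is treated the same as 6000 ASCII characters
  # and agrees with what Postgres LENGTH() would report for the stored text.
  def self.validate(message, max: DEFAULT_CHAT_MAX_MESSAGE_LENGTH)
    raise ArgumentError, "max must be a positive integer" unless max.is_a?(Integer) && max.positive?
    return "message must be a string" unless message.is_a?(String)
    return "message can't be blank" if message.strip.empty?

    length = message.length
    return "message is too long (#{length}/#{max} characters)" if length > max

    nil
  end

  # In-memory mirror of the migration's UPDATE for one row: cut the raw
  # message to `max` characters and clear cooked_version so the row is picked
  # up for rebake. Returns true when the row was changed, false otherwise.
  def self.truncate!(msg, max: DEFAULT_CHAT_MAX_MESSAGE_LENGTH)
    return false if msg.message.length <= max

    msg.message = msg.message[0, max] # character offset, same as LEFT(message, max)
    msg.cooked_version = nil          # marker for the rebake job
    true
  end

  # Batch form over a collection of rows. Returns the ids that were truncated,
  # which is the record an operator would want to keep from a destructive
  # one-off migration (the migration on this page does not produce one).
  def self.truncate_over_limit(messages, max: DEFAULT_CHAT_MAX_MESSAGE_LENGTH)
    messages.select { |m| truncate!(m, max: max) }.map(&:id)
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample rows, not real data.
  rows = [
    ChatMessageLength::Message.new(1, "a" * 6500, 2),
    ChatMessageLength::Message.new(2, "b" * 10, 2),
    ChatMessageLength::Message.new(3, "é" * 6000, 2), # 12000 bytes, 6000 chars
  ]
  puts "truncated ids: #{ChatMessageLength.truncate_over_limit(rows).inspect}"
  puts ChatMessageLength.validate("x" * 6001) || "ok"
end
```

Note that the truncation cuts at a fixed character offset and can split a markdown construct such as an open code fence or link, which is why clearing cooked_version and rebaking is part of the rule rather than a cosmetic step.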

@ -0,0 +1,20 @@
# frozen_string_literal: true
class TruncateChatMessagesOverMaxLength < ActiveRecord::Migration[7.0]
def up
if table_exists?(:chat_messages)
# 6000 is the default of the chat_maximum_message_length
# site setting, its safe to do this because this will be
# run the first time the setting is introduced.
execute <<~SQL
UPDATE chat_messages
SET message = LEFT(message, 6000), cooked_version = NULL
WHERE LENGTH(message) > 6000
SQL
end
end
def down
raise ActiveRecord::IrreversibleMigration
end
end
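Review bot: the UPDATE in `up` discards the tail of every over-long message without recording which rows were touched, and since `down` correctly raises IrreversibleMigration the only trace left is `cooked_version = NULL`. Consider selecting `id` for rows `WHERE LENGTH(message) > 6000` before the UPDATE (or appending `RETURNING id` to it) and logging the ids and count, so operators can see which messages were cut and, if needed, notify the authors. Two smaller points on the same hunk: `LEFT(message, 6000)` cuts at a fixed character offset and can split a markdown construct such as an open code fence or link, which makes the rebake triggered by the NULL `cooked_version` a requirement rather than a nicety, and the comment should read "it's safe" rather than "its safe".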