diff --git a/app/assets/javascripts/discourse/templates/components/user-fields/text.hbs b/app/assets/javascripts/discourse/templates/components/user-fields/text.hbs
index 499752add..f008167a8 100644
--- a/app/assets/javascripts/discourse/templates/components/user-fields/text.hbs
+++ b/app/assets/javascripts/discourse/templates/components/user-fields/text.hbs
@@ -1,6 +1,6 @@
- {{input value=value}}
+ {{input value=value maxlength=site.user_field_max_length}} {{#if field.required}}*{{/if}}

{{{field.description}}}

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index c2591c062..1e2bfd071 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -70,6 +70,7 @@ class UsersController < ApplicationController
UserField.where(editable: true).each do |f|
val = params[:user_fields][f.id.to_s]
val = nil if val === "false"
+ val = val[0...UserField.max_length] if val
return render_json_error(I18n.t("login.missing_user_field")) if val.blank? && f.required?
params[:custom_fields]["user_field_#{f.id}"] = val
@@ -221,7 +222,7 @@ class UsersController < ApplicationController
if field_val.blank?
return fail_with("login.missing_user_field") if f.required?
else
- fields["user_field_#{f.id}"] = field_val
+ fields["user_field_#{f.id}"] = field_val[0...UserField.max_length]
end
end
diff --git a/app/models/user_field.rb b/app/models/user_field.rb
index 7ca0c997e..648163326 100644
--- a/app/models/user_field.rb
+++ b/app/models/user_field.rb
@@ -1,5 +1,9 @@
class UserField < ActiveRecord::Base
validates_presence_of :name, :description, :field_type
+
+ def self.max_length
+ 2048
+ end
end
# == Schema Information
diff --git a/app/serializers/site_serializer.rb b/app/serializers/site_serializer.rb
index 3d2149e8e..38c30737b 100644
--- a/app/serializers/site_serializer.rb
+++ b/app/serializers/site_serializer.rb
@@ -10,7 +10,8 @@ class SiteSerializer < ApplicationSerializer
:anonymous_top_menu_items,
:uncategorized_category_id, # this is hidden so putting it here
:is_readonly,
- :disabled_plugins
+ :disabled_plugins,
+ :user_field_max_length
has_many :categories, serializer: BasicCategorySerializer, embed: :objects
has_many :post_action_types, embed: :objects
@@ -19,7 +20,6 @@ class SiteSerializer < ApplicationSerializer
has_many :archetypes, embed: :objects, serializer: ArchetypeSerializer
has_many :user_fields, embed: :objects, serialzer: UserFieldSerializer
-
def default_archetype
Archetype.default
end
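Review bot: The added `val = val[0...UserField.max_length] if val` silently truncates over-long input rather than rejecting it, so a caller that bypasses the template's `maxlength` (any non-browser API client) gets a success response while its data is cut; the `field_val[0...UserField.max_length]` line in the `@@ -221` hunk has the same behaviour. If truncation is the intended contract, say so at the line, e.g. `# Over-long values are truncated, not rejected; the input's maxlength only advises the browser`; otherwise returning `render_json_error` for oversize values would be the more transparent choice. Note also that a range slice on a String counts characters, not bytes, so multi-byte text can end up storing more than 2048 bytes — worth checking against the width of the custom_fields value column. The slice also assumes `val` is a String; if nested params can make it an Array or Hash here, `val[0...n]` yields a sub-array or nil respectively instead of failing loudly, so a `val.is_a?(String)` guard (or `val.to_s`) may be the safer form. The enclosing `each` block runs past the end of the hunk.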
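Review bot: `self.max_length` returns a bare `2048` with nothing saying what the limit bounds or who enforces it, while the same number now drives both the controller truncation and the client-side `maxlength`. A short comment would keep those call sites honest, e.g. `# Maximum number of characters accepted for a user field value; UsersController truncates longer input and the site serializer exposes the value as the input's maxlength`. Declaring it as a frozen constant (`MAX_LENGTH = 2048`) that the method returns would also let specs reference it directly, though the current method form works.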
@@ -56,4 +56,8 @@ class SiteSerializer < ApplicationSerializer
Discourse.disabled_plugin_names
end
+ def user_field_max_length
+ UserField.max_length
+ end
+
end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 4388cfaf9..7adfb989c 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -596,6 +596,15 @@ describe UsersController do
expect(inserted.custom_fields["user_field_#{optional_field.id}"]).to eq('value3')
end
+ it "trims excessively long fields" do
+ create_params[:user_fields][optional_field.id.to_s] = ('x' * 3000)
+ xhr :post, :create, create_params.merge(create_params)
+ expect(response).to be_success
+ inserted = User.where(email: @user.email).first
+
+ val = inserted.custom_fields["user_field_#{optional_field.id}"]
+ expect(val.length).to eq(UserField.max_length)
+ end
end
end
@@ -984,6 +993,11 @@ describe UsersController do
expect(response).not_to be_success
expect(user.user_fields[user_field.id.to_s]).not_to eq('happy')
end
+
+ it "trims excessively large fields" do
+ put :update, username: user.username, name: 'Jim Tom', user_fields: { user_field.id.to_s => ('x' * 3000) }
+ expect(user.user_fields[user_field.id.to_s].size).to eq(UserField.max_length)
+ end
end
context "uneditable field" do
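Review bot: `user_field_max_length` has no comment saying why a model-level limit is exposed on the site payload; `# Client reads this to set maxlength on user-field inputs` above the `def` would tie it to the template change. While in this file, the context line `has_many :user_fields, embed: :objects, serialzer: UserFieldSerializer` in the preceding hunk spells the option `serialzer:`; if that misspelled key is simply ignored by `has_many`, user_fields are serialized without `UserFieldSerializer`, which this change leaves as is.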
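Review bot: `xhr :post, :create, create_params.merge(create_params)` merges the params hash with itself, which is a no-op and reads like a leftover from a copy; `xhr :post, :create, create_params` says the same thing. The assertion also only checks `val.length`, so a value that was mangled rather than truncated would still pass; `expect(val).to eq('x' * UserField.max_length)` pins the actual prefix and implies the length check.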
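Review bot: The update test never asserts that the request succeeded, so if `put :update` fails for an unrelated reason `user.user_fields[user_field.id.to_s]` is presumably nil and the spec dies on `nil.size` with a `NoMethodError` instead of a readable expectation failure. Adding `expect(response).to be_success` before the size check, as the create test does, makes the failure mode clear. As in the create spec, `expect(user.user_fields[user_field.id.to_s]).to eq('x' * UserField.max_length)` would also pin the content rather than only its size.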