User able to post exceeding maximum length restrictions

(Joshua Rosenfeld) #1

Filing this as a bug, feel free to change to support if not the case.

Over at Stonehearth we had a user post a log directly as text in the editor, and was able to submit it. The post exceeds the maximum length allowed significantly, as I tried to edit the post to surround the log in a code block but was not allowed. The post in question was originally here and moved to here where I converted it to a Pastebin link.

The error received stated:

Body is limited to 32000 characters; you entered 2459079.

If it helps troubleshoot, this post likely went through the approval queue as the user is new and we currently have the first 2 posts from each user go into the queue.

(cpradio) #2

Sounds similar to

In the sense, that the Post Approval Queue isn’t validating the post before permitting it. Looks like another change in that area would need to be made so it abides by content length too.

(Jeff Atwood) #3

This is a bug @eviltrout.

(Robin Ward) #4

It’s honestly a little challenging to validate every little thing, due to the way the queue works. The (perhaps wrong) assumption I made when designing it was that the staff member had to approve it anyway, so the validation was less important.

Having said that, I did manage to get a bunch more validation in place, including the length:

(Jeff Atwood) #5

(Kane York) #6

Could you call into PostCreator with the ‘in transaction’ flag set, and always rollback, and only queue if PostCreator succeeded?

(Robin Ward) #7

Yes but that would be doing double the work in many cases, just for the sake of validating! The goal is to not build up a graph of extra queries.