Merge pull request 'fix: validate title length when updating an issue' (#4809) from thilinajayanath/forgejo:validate-issue-title-update into forgejo

+75 -3

2 changed files

expand all

routers

web

repo

issue.go

tests

integration

issue_test.go

+15 -3

routers/web/repo/issue.go

··· 57 57 issue_service "code.gitea.io/gitea/services/issue" 58 58 pull_service "code.gitea.io/gitea/services/pull" 59 59 repo_service "code.gitea.io/gitea/services/repository" 60 + 61 + "gitea.com/go-chi/binding" 60 62 ) 61 63 62 64 const ( ··· 2218 2220 ctx.Error(http.StatusForbidden) 2219 2221 return 2220 2222 } 2221 - 2222 2223 title := ctx.FormTrim("title") 2223 - if len(title) == 0 { 2224 - ctx.Error(http.StatusNoContent) 2224 + if util.IsEmptyString(title) { 2225 + ctx.Error(http.StatusBadRequest, "Title cannot be empty or spaces") 2226 + return 2227 + } 2228 + 2229 + // Creating a CreateIssueForm with the title so that we can validate the max title length 2230 + i := forms.CreateIssueForm{ 2231 + Title: title, 2232 + } 2233 + 2234 + bindingErr := binding.RawValidate(i) 2235 + if bindingErr.Has(binding.ERR_MAX_SIZE) { 2236 + ctx.Error(http.StatusBadRequest, "Title cannot be longer than 255 characters") 2225 2237 return 2226 2238 } 2227 2239

+60

tests/integration/issue_test.go

··· 1005 1005 assert.EqualValues(t, "2022-04-06", apiIssue.Deadline.Format("2006-01-02")) 1006 1006 } 1007 1007 1008 + func TestUpdateIssueTitle(t *testing.T) { 1009 + defer tests.PrepareTestEnv(t)() 1010 + 1011 + issueBefore := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1}) 1012 + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issueBefore.RepoID}) 1013 + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 1014 + 1015 + require.NoError(t, issueBefore.LoadAttributes(db.DefaultContext)) 1016 + assert.Equal(t, "issue1", issueBefore.Title) 1017 + 1018 + issueTitleUpdateTests := []struct { 1019 + title string 1020 + expectedHTTPCode int 1021 + }{ 1022 + { 1023 + title: "normal-title", 1024 + expectedHTTPCode: http.StatusOK, 1025 + }, 1026 + { 1027 + title: "extra-long-title-with-exactly-255-chars-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1028 + expectedHTTPCode: http.StatusOK, 1029 + }, 1030 + { 1031 + title: "", 1032 + expectedHTTPCode: http.StatusBadRequest, 1033 + }, 1034 + { 1035 + title: " ", 1036 + expectedHTTPCode: http.StatusBadRequest, 1037 + }, 1038 + { 1039 + title: "extra-long-title-over-255-chars-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1040 + expectedHTTPCode: http.StatusBadRequest, 1041 + }, 1042 + } 1043 + 1044 + session := loginUser(t, owner.Name) 1045 + issueURL := fmt.Sprintf("%s/%s/issues/%d", owner.Name, repo.Name, issueBefore.Index) 1046 + urlStr := issueURL + "/title" 1047 + 1048 + for _, issueTitleUpdateTest := range issueTitleUpdateTests { 1049 + req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ 1050 + "title": issueTitleUpdateTest.title, 1051 + "_csrf": GetCSRF(t, session, issueURL), 1052 + }) 1053 + 1054 + resp := session.MakeRequest(t, req, issueTitleUpdateTest.expectedHTTPCode) 1055 + 1056 + // JSON data is received only if the request succeeds 1057 + if issueTitleUpdateTest.expectedHTTPCode == http.StatusOK { 1058 + issueAfter := struct { 1059 + Title string `json:"title"` 1060 + }{} 1061 + 1062 + DecodeJSON(t, resp, &issueAfter) 1063 + assert.EqualValues(t, issueTitleUpdateTest.title, issueAfter.Title) 1064 + } 1065 + } 1066 + } 1067 + 1008 1068 func TestIssueReferenceURL(t *testing.T) { 1009 1069 defer tests.PrepareTestEnv(t)() 1010 1070 session := loginUser(t, "user2")

Configure Feed

Configure Feed