From 1f8cd7f0812ecbe929522db7b87d8c83c3684df4 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Thu, 11 Jun 2020 00:42:16 +0300
Subject: [PATCH 1/3] Limit key size to 32 chars
---
 app/views/console/database/collection.phtml | 4 +--
 src/Appwrite/Database/Validator/Key.php | 6 +++-
 tests/unit/Database/Validator/KeyTest.php | 36 +++++++++++++++++++++
 3 files changed, 43 insertions(+), 3 deletions(-)
 create mode 100644 tests/unit/Database/Validator/KeyTest.php
diff --git a/app/views/console/database/collection.phtml b/app/views/console/database/collection.phtml
index 8c6c75754d..da586a85d7 100644
--- a/app/views/console/database/collection.phtml
+++ b/app/views/console/database/collection.phtml
@@ -251,7 +251,7 @@ $rules = $collection->getAttribute('rules', []);
- +
@@ -404,7 +404,7 @@ $rules = $collection->getAttribute('rules', []);
- +
diff --git a/src/Appwrite/Database/Validator/Key.php b/src/Appwrite/Database/Validator/Key.php
index aef689fe02..f6cc7ce91f 100644
--- a/src/Appwrite/Database/Validator/Key.php
+++ b/src/Appwrite/Database/Validator/Key.php
@@ -34,11 +34,15 @@ class Key extends Validator
 */
 public function isValid($value)
 {
+ if(!is_string($value)) {
+ return false;
+ }
+
 if (preg_match('/[^A-Za-z0-9\-\_]/', $value)) {
 return false;
 }
 
- if (mb_strlen($value) > 40) {
+ if (mb_strlen($value) > 32) {
 return false;
 }
 
diff --git a/tests/unit/Database/Validator/KeyTest.php b/tests/unit/Database/Validator/KeyTest.php
new file mode 100644
index 0000000000..1ec815ce2f
--- /dev/null
+++ b/tests/unit/Database/Validator/KeyTest.php
@@ -0,0 +1,36 @@
+object = new Key();
+ }
+
+ public function tearDown()
+ {
+ }
+
+ public function testValues()
+ {
+ $this->assertEquals($this->object->isValid('dasda asdasd'), false);
+ $this->assertEquals($this->object->isValid('asdasdasdas'), true);
+ $this->assertEquals($this->object->isValid('as$$5dasdasdas'), false);
+ $this->assertEquals($this->object->isValid(false), false);
+ $this->assertEquals($this->object->isValid(null), false);
+ $this->assertEquals($this->object->isValid('socialAccountForYoutubeSubscribers'), false);
+ $this->assertEquals($this->object->isValid('socialAccountForYoutubeSubscriber'), false);
+ $this->assertEquals($this->object->isValid('socialAccountForYoutubeSubscribe'), true);
+ $this->assertEquals($this->object->isValid('socialAccountForYoutubeSubscrib'), true);
+ }
+}
\ No newline at end of file
From 9eef72cdd385876ad5e464010304c8243f42b783 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Thu, 11 Jun 2020 07:37:12 +0300
Subject: [PATCH 2/3] Limited number of cells
---
 app/views/console/database/collection.phtml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/app/views/console/database/collection.phtml b/app/views/console/database/collection.phtml
index da586a85d7..c3ed6e5574 100644
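Review bot: An empty string still passes every check visible in this `isValid()` hunk. It is a string, it contains nothing outside `[A-Za-z0-9\-\_]`, and it is not longer than 32 characters. Unless code after the hunk rejects it (the function body continues past the last visible line), the first guard could read `if (!is_string($value) || $value === '') { return false; }`. A short comment on the type check would also help, for example `// reject non-strings first: preg_match() would cast false/null to '' and accept them`. If the validator's description text outside the hunk still mentions the previous 40-character limit, it should be updated in the same change.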
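Review bot: The assertions in `testValues()` use `assertEquals($actual, $expected)`, which compares loosely and has the arguments in reverse of PHPUnit's expected-then-actual order. A validator that returned `null`, `0` or `''` instead of `false` would therefore still pass every rejection case. Prefer strict forms such as `$this->assertFalse($this->object->isValid(null));` and `$this->assertTrue($this->object->isValid('asdasdasdas'));`. The 31/32/33/34-character boundary is covered well, but there is no case for the empty string or for other non-string inputs such as an integer or an array. The top of this new file is not fully legible here, so `setUp()` is not reviewed.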
--- a/app/views/console/database/collection.phtml
+++ b/app/views/console/database/collection.phtml
@@ -1,6 +1,7 @@
 getParam('collection', []);
 $rules = $collection->getAttribute('rules', []);
+$maxCells = 10;
 ?>
getAttribute('rules', []);
- $rule):
+ if($i > $maxCells) {
+ break;
+ }
 $label = (isset($rule['label'])) ? $rule['label'] : '';
 ?>
@@ -96,7 +100,10 @@ $rules = $collection->getAttribute('rules', []);
- $rule):
+ if($i > $maxCells) {
+ break;
+ }
 $label = (isset($rule['label'])) ? $rule['label'] : '';
 $key = (isset($rule['key'])) ? $rule['key'] : '';
 $type = (isset($rule['type'])) ? $rule['type'] : '';
From 74744cace019069383c0417deadff06d9b40571e Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Thu, 11 Jun 2020 07:38:19 +0300
Subject: [PATCH 3/3] Updated change log
---
 CHANGES.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGES.md b/CHANGES.md
index cbd6a58996..d27cb023c0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -12,6 +12,7 @@
 - Fixed output of /v1/health/queue/certificates returning wrong data
 - Fixed network calculation for uploaded files
 - Fixed a UI bug preventing float values in numeric fields
+- Fixed missing validation for database documents key length (32 chars)
 
 ## Security
 
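Review bot: The guard `if($i > $maxCells) { break; }` leaves the loop only once the index exceeds `$maxCells`, so with a zero-based index it renders eleven cells rather than the ten that `$maxCells = 10` suggests; `if ($i >= $maxCells) { break; }` would match the name. The same comparison is repeated in the `@@ -96,7 +100,10 @@` hunk. This assumes `$i` is the sequential key of the `foreach` over `$rules`, whose loop header is not fully legible here. If the rules array can carry string or non-contiguous keys, the comparison is unreliable, and slicing first with `array_slice($rules, 0, $maxCells)` avoids depending on the keys. A one-line comment next to `$maxCells` saying that it caps the rendered table columns only would also help the next reader.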
escape($label); ?>