Merge pull request #9634 from colinux/fix-regex-timeout
Sécurité (champ regex): timeout plus agressif à 1 seconde
commit
5d3d4cbd91
4 changed files with 18 additions and 4 deletions
|
@ -293,7 +293,7 @@
|
||||||
input[type=number],
|
input[type=number],
|
||||||
input[type=datetime-local],
|
input[type=datetime-local],
|
||||||
textarea,
|
textarea,
|
||||||
input[type=tel], {
|
input[type=tel] {
|
||||||
@media (max-width: $two-columns-breakpoint) {
|
@media (max-width: $two-columns-breakpoint) {
|
||||||
width: 100%;
|
width: 100%;
|
||||||
}
|
}
|
||||||
|
@ -538,6 +538,17 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.type-de-champ-expression-reguliere {
|
||||||
|
display: flex;
|
||||||
|
align-items: center;
|
||||||
|
|
||||||
|
&:before,
|
||||||
|
&:after {
|
||||||
|
font-weight: bold;
|
||||||
|
content: "/";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
[data-react-component-value^="ComboMultiple"] {
|
[data-react-component-value^="ComboMultiple"] {
|
||||||
margin-bottom: $default-fields-spacer;
|
margin-bottom: $default-fields-spacer;
|
||||||
|
|
||||||
|
|
|
@ -50,6 +50,7 @@
|
||||||
.cell.mt-1
|
.cell.mt-1
|
||||||
= form.label :expression_reguliere, for: dom_id(type_de_champ, :expression_reguliere) do
|
= form.label :expression_reguliere, for: dom_id(type_de_champ, :expression_reguliere) do
|
||||||
= t('.expression_reguliere.labels.regex')
|
= t('.expression_reguliere.labels.regex')
|
||||||
|
.type-de-champ-expression-reguliere
|
||||||
= form.text_field :expression_reguliere, class: "fr-input small-margin small", id: dom_id(type_de_champ, :expression_reguliere)
|
= form.text_field :expression_reguliere, class: "fr-input small-margin small", id: dom_id(type_de_champ, :expression_reguliere)
|
||||||
|
|
||||||
.cell.mt-1
|
.cell.mt-1
|
||||||
|
|
|
@ -618,7 +618,7 @@ class TypeDeChamp < ApplicationRecord
|
||||||
def invalid_regexp?
|
def invalid_regexp?
|
||||||
return false if expression_reguliere.blank?
|
return false if expression_reguliere.blank?
|
||||||
return false if expression_reguliere_exemple_text.blank?
|
return false if expression_reguliere_exemple_text.blank?
|
||||||
return false if expression_reguliere_exemple_text.match?(Regexp.new(expression_reguliere, timeout: 2.0))
|
return false if expression_reguliere_exemple_text.match?(Regexp.new(expression_reguliere, timeout: ExpressionReguliereValidator::TIMEOUT))
|
||||||
|
|
||||||
self.errors.add(:expression_reguliere_exemple_text, I18n.t('errors.messages.mismatch_regexp'))
|
self.errors.add(:expression_reguliere_exemple_text, I18n.t('errors.messages.mismatch_regexp'))
|
||||||
true
|
true
|
||||||
|
|
|
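Review bot: In `invalid_regexp?`, `match?` on a pattern compiled with `timeout:` raises `Regexp::TimeoutError` once the limit is exceeded, and no visible line rescues it, so with the limit lowered to one second a slow administrator-supplied expression would escape as an exception instead of a validation error, unless something outside this hunk handles it. `ExpressionReguliereValidator#validate` in the last file section has the same shape, and there the pattern runs against user-submitted values. I would catch it next to the match, e.g. `rescue Regexp::TimeoutError` followed by `errors.add(:expression_reguliere, :regexp_timeout)` (the message key is a placeholder), and log the occurrence so repeated timeouts are visible to operators. The method's `end` lies outside the hunk, so an existing rescue there cannot be ruled out.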
@ -1,7 +1,9 @@
|
||||||
class ExpressionReguliereValidator < ActiveModel::Validator
|
class ExpressionReguliereValidator < ActiveModel::Validator
|
||||||
|
TIMEOUT = 1.second.freeze
|
||||||
|
|
||||||
def validate(record)
|
def validate(record)
|
||||||
if record.value.present?
|
if record.value.present?
|
||||||
if !record.value.match?(Regexp.new(record.expression_reguliere, timeout: 5.0))
|
if !record.value.match?(Regexp.new(record.expression_reguliere, timeout: TIMEOUT))
|
||||||
record.errors.add(:value, :invalid_regexp, expression_reguliere_error_message: record.expression_reguliere_error_message)
|
record.errors.add(:value, :invalid_regexp, expression_reguliere_error_message: record.expression_reguliere_error_message)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
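Review bot: `TIMEOUT` has no comment saying what it bounds or in which unit, and `TypeDeChamp#invalid_regexp?` now depends on it from another file. I would add `# Maximum time (seconds) allowed for matching an administrator-defined pattern; bounds catastrophic backtracking.` above the constant. `1.second` is an `ActiveSupport::Duration` rather than the Float that `Regexp.new(timeout:)` documents; it presumably converts through `to_f`, but writing `1.0` would make that explicit. The class body continues past the end of the hunk.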