Merge pull request #9634 from colinux/fix-regex-timeout
Sécurité (champ regex): timeout plus agressif à 1 seconde
commit
5d3d4cbd91
4 changed files with 18 additions and 4 deletions
|
@ -293,7 +293,7 @@
|
|||
input[type=number],
|
||||
input[type=datetime-local],
|
||||
textarea,
|
||||
input[type=tel], {
|
||||
input[type=tel] {
|
||||
@media (max-width: $two-columns-breakpoint) {
|
||||
width: 100%;
|
||||
}
|
||||
|
@ -538,6 +538,17 @@
|
|||
}
|
||||
}
|
||||
|
||||
.type-de-champ-expression-reguliere {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
|
||||
&:before,
|
||||
&:after {
|
||||
font-weight: bold;
|
||||
content: "/";
|
||||
}
|
||||
}
|
||||
|
||||
[data-react-component-value^="ComboMultiple"] {
|
||||
margin-bottom: $default-fields-spacer;
|
||||
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
.cell.mt-1
|
||||
= form.label :expression_reguliere, for: dom_id(type_de_champ, :expression_reguliere) do
|
||||
= t('.expression_reguliere.labels.regex')
|
||||
.type-de-champ-expression-reguliere
|
||||
= form.text_field :expression_reguliere, class: "fr-input small-margin small", id: dom_id(type_de_champ, :expression_reguliere)
|
||||
|
||||
.cell.mt-1
|
||||
|
|
|
@ -618,7 +618,7 @@ class TypeDeChamp < ApplicationRecord
|
|||
def invalid_regexp?
|
||||
return false if expression_reguliere.blank?
|
||||
return false if expression_reguliere_exemple_text.blank?
|
||||
return false if expression_reguliere_exemple_text.match?(Regexp.new(expression_reguliere, timeout: 2.0))
|
||||
return false if expression_reguliere_exemple_text.match?(Regexp.new(expression_reguliere, timeout: ExpressionReguliereValidator::TIMEOUT))
|
||||
|
||||
self.errors.add(:expression_reguliere_exemple_text, I18n.t('errors.messages.mismatch_regexp'))
|
||||
true
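Review bot: No `rescue` is visible in `invalid_regexp?` for the two exceptions the new match line can raise: `match?` raises `Regexp::TimeoutError` once the timeout elapses, and `Regexp.new` raises `RegexpError` on a malformed pattern. The method body continues past the end of this hunk, so a handler may exist further down. If it does not, a slow or malformed `expression_reguliere` would surface as an unhandled exception rather than a validation error; a clause such as `rescue Regexp::TimeoutError, RegexpError` that adds an error on `:expression_reguliere` and returns `true` would keep it a form error. The same question applies to `ExpressionReguliereValidator#validate`, where the pattern is run against `record.value` under the shorter 1-second limit.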
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
class ExpressionReguliereValidator < ActiveModel::Validator
|
||||
TIMEOUT = 1.second.freeze
|
||||
|
||||
def validate(record)
|
||||
if record.value.present?
|
||||
if !record.value.match?(Regexp.new(record.expression_reguliere, timeout: 5.0))
|
||||
if !record.value.match?(Regexp.new(record.expression_reguliere, timeout: TIMEOUT))
|
||||
record.errors.add(:value, :invalid_regexp, expression_reguliere_error_message: record.expression_reguliere_error_message)
|
||||
end
|
||||
end
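Review bot: `TIMEOUT = 1.second.freeze` has no comment saying what it bounds, although this commit also makes `TypeDeChamp#invalid_regexp?` depend on it. A comment above the constant would document the intent, for example `# Max duration of a single regex match before Regexp::TimeoutError; limits catastrophic backtracking on submitted values`. The constant is an `ActiveSupport::Duration`, whereas the replaced call sites passed plain Floats (`5.0`, `2.0`). `Regexp.new` presumably converts it, but `TIMEOUT = 1.0` would not depend on that conversion. `validate` continues outside the hunk.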
|
||||
|
|