Description/comment fields shouldn't crash with insanely large values.

Bug #61548 reported by Diogo Matsubara
Affects: Launchpad itself
Status: Won't Fix
Importance: Critical
Assigned to: Unassigned

Bug Description

None of our text input fields should accept input of unlimited size. All our text entries, file uploads etc. need to have a default maximum size that can be overridden in specific fields if necessary.

description: updated
Stuart Bishop (stub) wrote :

Already known upstream - need to fix in Zope3

Changed in launchpad:
assignee: nobody → stub
description: updated
Stuart Bishop (stub) wrote :

Upstream Z3 fix won't help, as allowed request size will still need to be huge to allow file uploads.

So field validators will need to detect long strings and raise an invalid data exception. I suspect we should set a default value for all our text fields, and override them if appropriate to smaller or larger values.

Diogo Matsubara (matsubara) wrote :

Jonathan Knowles is fixing a specific version of this bug affecting bug descriptions (bug 78911).

Stuart Bishop (stub) wrote :

Bug.description has been limited in the DB to 50,000 characters in launchpad/devel. Forms need to be updated so they generate useful error messages instead of OOPSing.

Changed in launchpad:
assignee: stub → nobody
description: updated
Changed in launchpad:
importance: Medium → Critical
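
Added example, not part of the bug thread and not Launchpad or Zope code: a standalone Python sketch of the approach discussed above, where every text field gets a default length cap that individual fields can override, and an over-long value becomes a per-field form error instead of an unhandled exception. The class and function names, the 5,000-character default and the 200-character title cap are assumptions; only the 50,000-character description limit comes from the thread.

```python
"""Added illustration: default length cap on text fields, overridable per field."""

DEFAULT_MAX_LENGTH = 5_000        # assumed site-wide default, not a Launchpad value
DESCRIPTION_MAX_LENGTH = 50_000   # the Bug.description DB limit quoted in the thread


class FieldTooLong(ValueError):
    """Invalid-data error carrying a message fit to show next to the field."""

    def __init__(self, field_name, length, max_length):
        self.field_name = field_name
        super().__init__(
            f"{field_name} is {length} characters long; "
            f"the maximum is {max_length}."
        )


class TextField:
    """Hypothetical text field: every instance has a cap unless one is given."""

    def __init__(self, name, max_length=DEFAULT_MAX_LENGTH):
        self.name = name
        self.max_length = max_length

    def validate(self, value):
        # Check length before any further processing so an oversized value
        # is rejected here and never reaches the database layer.
        if len(value) > self.max_length:
            raise FieldTooLong(self.name, len(value), self.max_length)
        return value


def validate_form(fields, submitted):
    """Return (clean_data, errors); length violations become form errors."""
    clean, errors = {}, {}
    for field in fields:
        try:
            clean[field.name] = field.validate(submitted.get(field.name, ""))
        except FieldTooLong as exc:
            errors[field.name] = str(exc)
    return clean, errors


BUG_FORM = [
    TextField("title", max_length=200),                # overridden: smaller (assumed)
    TextField("comment"),                              # uses the default cap
    TextField("description", DESCRIPTION_MAX_LENGTH),  # overridden: larger
]
```
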
Curtis Hovey (sinzui) wrote :

The correct fix is to update fields that are oopsing. None are oopsing at this time. I have fixed some similar oopses in the past few months and closed their respective bugs. We can open a specific bug for such problems when they occur.

Changed in launchpad:
status: Triaged → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
