From 81711939d177924266bf988278f93bed046c9798 Mon Sep 17 00:00:00 2001
From: Simon Green <mail@simon.green>
Date: Fri, 7 Oct 2016 10:29:48 +1300
Subject: Bug 1290588 - Group Administration via interface should error if
 regular expression size is greater than column length

---
 Bugzilla/DB.pm    | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 Bugzilla/Group.pm |  6 ++++++
 2 files changed, 56 insertions(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 68582305f..51d736f27 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -1189,6 +1189,24 @@ sub bz_table_list_real {
     return @{$self->selectcol_arrayref($table_sth, { Columns => [3] })};
 }
 
+sub bz_column_length {
+    my ( $self, $table, $column ) = @_;
+    state %column_length;
+
+    if ( not exists $column_length{$table} ) {
+        my $csr = $self->column_info( undef, undef, $table, undef );
+        my $cols =
+          $csr->fetchall_arrayref( { COLUMN_NAME => 1, COLUMN_SIZE => 1 } );
+
+        foreach my $col (@$cols) {
+            $column_length{$table}{ $col->{COLUMN_NAME} } = $col->{COLUMN_SIZE}
+              // MAX_INT_32;
+        }
+    }
+
+    return $column_length{$table}{$column} // 0;
+}
+
 #####################################################################
 # Transaction Methods
 #####################################################################
@@ -2339,6 +2357,38 @@ Last inserted ID (scalar)
 
 =back
 
+=over
+
+=item C<bz_column_length>
+
+=over
+
+=item B<Description>
+
+Returns the length of the specified column as specified by the database
+
+only really useful for text based strings.
+This implementation uses DBI's
+L<column_info|https://metacpan.org/pod/DBI#column_info>.
+
+=item B<Params>
+
+=over
+
+=item C<$table> - name of table (scalar)
+
+=item C<$column> - name of column type (scalar)
+
+=back
+
+=item B<Returns>
+
+The length of the field, 0 if it does not exist.
+
+=back
+
+=back
+
 =head2 Database Setup Methods
 
 These methods are used by the Bugzilla installation programs to set up
diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index 61c085c0e..481987488 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -482,6 +482,12 @@ sub _check_description {
 sub _check_user_regexp {
     my ($invocant, $regex) = @_;
     $regex = trim($regex) || '';
+
+    my $max_length = Bugzilla->dbh->bz_column_length( 'groups', 'userregexp' );
+    ThrowUserError( "group_regexp_too_long",
+        { text => $regex, max_length => $max_length } )
+      if length($regex) > $max_length;
+
     ThrowUserError("invalid_regexp") unless (eval {qr/$regex/});
     return $regex;
 }
-- 
cgit v1.2.3-24-g4f1b