From 54c50a815dc6db9e0729f56309213f12dd4a1b35 Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Sun, 2 Jun 2024 12:33:40 +0100 Subject: [PATCH] Limit reason field length --- app/blueprints/packages/packages.py | 4 +++- app/templates/packages/remove.html | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/app/blueprints/packages/packages.py b/app/blueprints/packages/packages.py index 972a3657..e5de11d1 100644 --- a/app/blueprints/packages/packages.py +++ b/app/blueprints/packages/packages.py @@ -464,12 +464,14 @@ def remove(package): hard_deps = Package.query.filter( Package.state == PackageState.APPROVED, Package.dependencies.any( - and_(Dependency.meta_package_id.in_([x.id for x in broken_meta]), Dependency.optional == False))) + and_(Dependency.meta_package_id.in_([x.id for x in broken_meta]), Dependency.optional == False))).all() return render_template("packages/remove.html", package=package, hard_deps=hard_deps, tabs=get_package_tabs(current_user, package), current_tab="remove") reason = request.form.get("reason") or "?" + if len(reason) > 500: + abort(400) if "delete" in request.form: if not package.check_perm(current_user, Permission.DELETE_PACKAGE): diff --git a/app/templates/packages/remove.html b/app/templates/packages/remove.html index 30a1d28c..35640189 100644 --- a/app/templates/packages/remove.html +++ b/app/templates/packages/remove.html @@ -10,8 +10,8 @@ Remove {{ package.title }}

{{ _("In order to avoid data loss, you cannot permanently delete packages. You can remove them from ContentDB, which will cause them to not be - visible to any users and they may be permanently deleted in the future. - The Admin can restore removed packages, if needed.") }} + visible to any users. Removed packages may be permanently deleted at a + later point. ContentDB staff can restore removed packages, if needed.") }}

{% if package.approved %} @@ -47,7 +47,7 @@ Remove {{ package.title }} {{ _("Required") }} - + {{ _("Reason for unapproval / deletion, this is shown in the audit log") }}