RocketChat
fix: Apply message character limit to file upload description
Proposed changes (including videos or screenshots)
Added the message character limit restriction to the file upload description field, before this, you could send a message bigger than the limit by sending a file with a large description
Issue(s)
![dionisio-bot[bot] avatar](https://avatars.githubusercontent.com/in/257776?v=4 "Published by a pub.dev verified publisher"){kind=small}
🦋 Changeset detected
Latest commit: 2babbb1dee32451cce1caf1c323f3d23355f3177
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 37 packages
| Name | Type |
|---|---|
| @rocket.chat/meteor | Patch |
| @rocket.chat/i18n | Patch |
| @rocket.chat/mock-providers | Patch |
| @rocket.chat/ui-contexts | Patch |
| @rocket.chat/web-ui-registration | Patch |
| @rocket.chat/fuselage-ui-kit | Patch |
| @rocket.chat/ui-client | Patch |
| @rocket.chat/ui-voip | Patch |
| @rocket.chat/uikit-playground | Patch |
| @rocket.chat/gazzodown | Patch |
| @rocket.chat/livechat | Patch |
| @rocket.chat/ui-avatar | Patch |
| @rocket.chat/ui-video-conf | Patch |
| @rocket.chat/core-typings | Patch |
| @rocket.chat/rest-typings | Patch |
| @rocket.chat/api-client | Patch |
| @rocket.chat/apps | Patch |
| @rocket.chat/core-services | Patch |
| @rocket.chat/cron | Patch |
| @rocket.chat/ddp-client | Patch |
| @rocket.chat/freeswitch | Patch |
| @rocket.chat/model-typings | Patch |
| @rocket.chat/account-service | Patch |
| @rocket.chat/authorization-service | Patch |
| @rocket.chat/ddp-streamer | Patch |
| @rocket.chat/omnichannel-transcript | Patch |
| @rocket.chat/presence-service | Patch |
| @rocket.chat/queue-worker | Patch |
| @rocket.chat/stream-hub-service | Patch |
| @rocket.chat/license | Patch |
| @rocket.chat/omnichannel-services | Patch |
| @rocket.chat/pdf-worker | Patch |
| @rocket.chat/presence | Patch |
| rocketchat-services | Patch |
| @rocket.chat/network-broker | Patch |
| @rocket.chat/models | Patch |
| @rocket.chat/instance-status | Patch |
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
![changeset-bot[bot] avatar](https://avatars.githubusercontent.com/in/28616?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 58.90%. Comparing base (
b56d4c5) to head (2babbb1). Report is 1 commits behind head on develop.
Additional details and impacted files
@@ Coverage Diff @@
## develop #33218 +/- ##
============================================
- Coverage 75.18% 58.90% -16.29%
============================================
Files 495 2794 +2299
Lines 21600 66737 +45137
Branches 5362 15003 +9641
============================================
+ Hits 16241 39314 +23073
- Misses 4717 24608 +19891
- Partials 642 2815 +2173
| Flag | Coverage Δ | |
|---|---|---|
| unit | 75.18% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
PR Preview Action v1.4.8
:---:
:rocket: Deployed preview to https://RocketChat.github.io/Rocket.Chat/pr-preview/pr-33218/
on branch gh-pages at 2024-11-18 13:19 UTC
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello @MartinSchoeler,
Would it be a good idea to implement the check on the backend as well? Currently, users can send long messages through the API bypassing the character limit.
From a security perspective, it would be important to also implement these checks in the backend. Any checks that we're implementing on the frontend that aim at preventing users from doing a specific action should also be done in the backend to avoid users bypassing frontend controls by crafting requests and interacting with the API directly
