[loggi-983] Add server-side validation for record text length #125

New issue

Closed

opened 2026-02-21 21:43:00 +01:00 by matthias · 0 comments

matthias commented

2026-02-21 21:43:00 +01:00

Owner

Bead ID: loggi-983
Type: task
Priority: P3
Status: closed
Close reason: Added MAX_RECORD_TEXT = 50,000 char limit. Validated in both POST /api/entries//records and PATCH /api/records/ endpoints. Added 7 tests covering: too-long rejected, at-limit accepted, null text OK (both create and edit).

EntryRecord.text is a Text column (unlimited), but there's no server-side cap on text length in record creation/edit endpoints. A malicious client could submit megabytes of text in a single record.\n\nSuggested fix: add a reasonable max length check (e.g. 50,000 chars) in the POST/PATCH record endpoints in routes.py. This matches the pattern of the entry field validation added for name/color/icon.

Dependencies:

blocks: loggi-2ze

**Bead ID:** `loggi-983` **Type:** task **Priority:** P3 **Status:** closed **Close reason:** Added MAX_RECORD_TEXT = 50,000 char limit. Validated in both POST /api/entries/<id>/records and PATCH /api/records/<id> endpoints. Added 7 tests covering: too-long rejected, at-limit accepted, null text OK (both create and edit). --- EntryRecord.text is a Text column (unlimited), but there's no server-side cap on text length in record creation/edit endpoints. A malicious client could submit megabytes of text in a single record.\n\nSuggested fix: add a reasonable max length check (e.g. 50,000 chars) in the POST/PATCH record endpoints in routes.py. This matches the pattern of the entry field validation added for name/color/icon. **Dependencies:** - blocks: `loggi-2ze`

matthias closed this issue

2026-02-22 08:50:44 +01:00

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

matthias/loggi#125

No description provided.

Rows
Columns