492701 - form history should cap the number of fields saved per form submission

Status: RESOLVED FIXED

(Toolkit :: Form Manager, defect)

Description

[Justin Dolske [:Dolske]]

Along the lines of bug 488796. In addition to limiting the length of any particular value, form history should limit the total number of values it saves for any single form submission. As a wild, liberal guess, I'd say 100 should be plenty.

[Note that since bug 463486 already suppresses unmodified form fields, this cap would only apply to the count of fields actually modified. So, if a form has 500 inputs and the user only modifies the value of the last one, form history should still save it, since 1 is way under this cap.]

Capping the limit helps mitigate the possibility of a DoS attack (by stuffing lots of small fields into a form, even with the bug 488796 fix), and similarly ensures that pathological forms don't result in performance problems when submitted.

Comment 1

[Matthew N. [:MattN]]

Attachment: Cap to 100 fields saved (+2 tests)

Comment 2

[Matthew N. [:MattN]]

Attachment: v.2 add test descriptions

Comment 3

[Mike Beltzner [:beltzner, not reading bugmail]]

Comment on attachment 378706 [details] [diff] [review]
v.2 add test descriptions

You realize that you're limiting our ability to arbitrarily add flags and fields to bugzilla records, right?

Comment 4

[Justin Dolske [:Dolske]]

Pushed http://hg.mozilla.org/mozilla-central/rev/e1b6981c7176

Comment 5

[Justin Dolske [:Dolske]]

Pushed to 191: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/463687cad119