fix(04-WR-04): guard against int32 overflow in TaskCreateHandler position arithmetic
maxPos + 100 could silently overflow to a negative value when maxPos approached MaxInt32. Added a maxAllowedPosition guard that returns a validation error before the InsertTask call if the column position space is exhausted. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
parent
f6ab318f4e
commit
61e6e778e0
1 changed files with 21 additions and 0 deletions
|
|
@ -190,6 +190,27 @@ func TaskCreateHandler(deps TasksDeps) http.HandlerFunc {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const maxAllowedPosition = int32(2_000_000_000)
|
||||||
|
if maxPos > maxAllowedPosition-100 {
|
||||||
|
errs.General = "Column has too many tasks."
|
||||||
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||||
|
if r.Header.Get("HX-Request") == "true" {
|
||||||
|
w.Header().Set("HX-Retarget", "#add-task-slot-"+statusStr)
|
||||||
|
w.Header().Set("HX-Reswap", "innerHTML")
|
||||||
|
w.WriteHeader(http.StatusUnprocessableEntity)
|
||||||
|
_ = templates.TaskCreateFormFragment(
|
||||||
|
tablo.ID,
|
||||||
|
status,
|
||||||
|
templates.TaskCreateForm{Title: title, Status: statusStr},
|
||||||
|
errs,
|
||||||
|
csrf.Token(r),
|
||||||
|
).Render(ctx, w)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
http.Redirect(w, r, "/tablos/"+tablo.ID.String(), http.StatusSeeOther)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
task, err := deps.Queries.InsertTask(ctx, sqlc.InsertTaskParams{
|
task, err := deps.Queries.InsertTask(ctx, sqlc.InsertTaskParams{
|
||||||
TabloID: tablo.ID,
|
TabloID: tablo.ID,
|
||||||
Title: title,
|
Title: title,
|
||||||
|
|
|
||||||
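Review bot: On the non-HTMX path of the new guard, `errs.General` is set but never shown: the branch ends in `http.Redirect(w, r, "/tablos/"+tablo.ID.String(), http.StatusSeeOther)`, so a plain form post that hits the limit returns to the board with no sign that the task was rejected, and the `Content-Type` header set just above goes unused. The rest of TaskCreateHandler is outside the hunk, so it is not visible whether earlier validation failures follow the same redirect pattern; if they do, this is a pre-existing gap worth closing for both, for example by rendering the form with the error at 422 on this path too. The fragment render result is dropped with `_ =`, so a failed 422 body leaves no trace; logging that error would make it diagnosable. The bound would read more clearly if it were derived from `math.MaxInt32` and the step of 100 were named once and reused in both the check and the later `maxPos + 100`, with a comment such as `// headroom below math.MaxInt32 so maxPos+step cannot wrap`.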