fix(04-WR-04): guard against int32 overflow in TaskCreateHandler position arithmetic
maxPos + 100 could silently overflow to a negative value when maxPos approached MaxInt32. Added a maxAllowedPosition guard that returns a validation error before the InsertTask call if the column position space is exhausted. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
parent
f6ab318f4e
commit
61e6e778e0
1 changed files with 21 additions and 0 deletions
|
|
@ -190,6 +190,27 @@ func TaskCreateHandler(deps TasksDeps) http.HandlerFunc {
|
|||
return
|
||||
}
|
||||
|
||||
const maxAllowedPosition = int32(2_000_000_000)
|
||||
if maxPos > maxAllowedPosition-100 {
|
||||
errs.General = "Column has too many tasks."
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
if r.Header.Get("HX-Request") == "true" {
|
||||
w.Header().Set("HX-Retarget", "#add-task-slot-"+statusStr)
|
||||
w.Header().Set("HX-Reswap", "innerHTML")
|
||||
w.WriteHeader(http.StatusUnprocessableEntity)
|
||||
_ = templates.TaskCreateFormFragment(
|
||||
tablo.ID,
|
||||
status,
|
||||
templates.TaskCreateForm{Title: title, Status: statusStr},
|
||||
errs,
|
||||
csrf.Token(r),
|
||||
).Render(ctx, w)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/tablos/"+tablo.ID.String(), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
task, err := deps.Queries.InsertTask(ctx, sqlc.InsertTaskParams{
|
||||
TabloID: tablo.ID,
|
||||
Title: title,
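Review bot: In the non-HTMX branch of the new guard, `errs.General` is set and then discarded: `http.Redirect(w, r, "/tablos/"+tablo.ID.String(), http.StatusSeeOther)` answers 303, so a rejected create looks the same as a successful one to the client and in access logs. Return a failure status there instead, e.g. `http.Error(w, errs.General, http.StatusUnprocessableEntity)`, or render the full form with the error if the other validation branches (outside this hunk) do so. The `100` in `maxAllowedPosition-100` presumably mirrors the step added to `maxPos` before `InsertTask`, which is not visible here; a shared named constant would keep the guard and the arithmetic from drifting apart. TaskCreateHandler starts and ends outside the hunk.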
|
||||
|
|
|
|||