misc: reject too long computed fields (#73441)

tests/form_pages/test_computed_field.py

@@ -797,3 +797,36 @@ def test_computed_field_with_bad_value_type_in_prefill(pub):
         resp = get_app(pub).get('/test/')
         assert 'XY' in resp.text
         assert pub.loggederror_class.count() == 2
+
+
+def test_computed_field_set_too_long(pub):
+    pub.loggederror_class.wipe()
+    create_user(pub)
+    FormDef.wipe()
+
+    formdef = FormDef()
+    formdef.name = 'test'
+    formdef.fields = [
+        fields.ComputedField(
+            id='1',
+            label='computed',
+            varname='computed',
+            value_template='{% token_decimal length=100000 %}',
+            freeze_on_initial_value=True,
+        ),
+    ]
+    formdef.store()
+    formdef.data_class().wipe()
+
+    app = login(get_app(pub), username='foo', password='foo')
+    resp = app.get('/test/')
+    resp = resp.forms[0].submit('submit')  # -> validation
+    resp = resp.forms[0].submit('submit').follow()  # -> submit
+    assert 'The form has been recorded' in resp.text
+    assert formdef.data_class().count() == 1
+    formdata = formdef.data_class().select()[0]
+    assert formdata.data['1'] is None
+
+    assert pub.loggederror_class.count() == 1
+    logged_error = pub.loggederror_class.select()[0]
+    assert logged_error.summary.startswith('Value too long')

wcs/forms/root.py

@@ -767,6 +767,13 @@ class FormPage(FormdefDirectoryBase, FormTemplateMixin):
                     else:
                         value = get_publisher().get_cached_complex_data(value)
 
+                    if isinstance(value, str) and len(value) > 10000:
+                        get_publisher().record_error(
+                            _('Value too long for field %(field)s: %(value)s (truncated)')
+                            % {'field': field.varname, 'value': value[:200]}
+                        )
+                        value = None
+
                     if (
                         value
                         and field.data_source