Length of flag messages is not validated server-side (although the minimum length [1 char ATTOW] is validated client-side). As a result, flaggers can submit up to 65 536 characters.
To Reproduce
Steps to reproduce the behavior:
Log in as any user.
Flag any post with a custom reason.
Include as many characters as you like.
Observe the flag successfully being submitted or a raw DB error when over 65536 chars.
As per prior discussion, the upper limit should be configurable per-community with 1000 chars as the default. Let's also make the lower limit configurable (it's hardcoded right now) with the default set to 1 (for backwards compatibility).
Describe the bug
Length of flag messages is not validated server-side (although the minimum length [1 char ATTOW] is validated client-side). As a result, flaggers can submit up to 65 536 characters.
To Reproduce Steps to reproduce the behavior:
As per prior discussion, the upper limit should be configurable per-community with 1000 chars as the default. Let's also make the lower limit configurable (it's hardcoded right now) with the default set to 1 (for backwards compatibility).