From 7419f86063f2f15349d2c5ca7f2de344cd47960f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20de=20Juvigny?= <remi.dejuvigny@strapi.io>
Date: Tue, 18 Apr 2023 11:34:49 +0200
Subject: [PATCH] Validate input size in custom field server registry

---
 .../__tests__/custom-fields.test.js           | 19 +++++++++++++++++++
 .../lib/core/registries/custom-fields.js      | 19 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/packages/core/strapi/lib/core/registries/__tests__/custom-fields.test.js b/packages/core/strapi/lib/core/registries/__tests__/custom-fields.test.js
index fd45f4346d..283bcf5b36 100644
--- a/packages/core/strapi/lib/core/registries/__tests__/custom-fields.test.js
+++ b/packages/core/strapi/lib/core/registries/__tests__/custom-fields.test.js
@@ -90,6 +90,25 @@ describe('Custom fields registry', () => {
       );
     });
 
+    it('validates inputSize', () => {
+      const mockCF = {
+        name: 'test',
+        type: 'text',
+      };
+
+      const customFields = customFieldsRegistry(strapi);
+
+      expect(() => customFields.add({ ...mockCF, inputSize: 'small' })).toThrowError(
+        `inputSize should be an object with 'default' and 'isResizable' keys`
+      );
+      expect(() =>
+        customFields.add({ ...mockCF, inputSize: { default: 99, isResizable: true } })
+      ).toThrowError('Custom fields require a valid default input size');
+      expect(() =>
+        customFields.add({ ...mockCF, inputSize: { default: 12, isResizable: 'true' } })
+      ).toThrowError('Custom fields should specify if their input is resizable');
+    });
+
     it('confirms the custom field does not already exist', () => {
       const mockCF = {
         name: 'test',
diff --git a/packages/core/strapi/lib/core/registries/custom-fields.js b/packages/core/strapi/lib/core/registries/custom-fields.js
index 47ad2eaf08..9b8dc3ab41 100644
--- a/packages/core/strapi/lib/core/registries/custom-fields.js
+++ b/packages/core/strapi/lib/core/registries/custom-fields.js
@@ -44,7 +44,7 @@ const customFieldsRegistry = (strapi) => {
           throw new Error(`Custom fields require a 'name' and 'type' key`);
         }
 
-        const { name, plugin, type } = cf;
+        const { name, plugin, type, inputSize } = cf;
         if (!ALLOWED_TYPES.includes(type)) {
           throw new Error(
             `Custom field type: '${type}' is not a valid Strapi type or it can't be used with a Custom Field`
@@ -56,6 +56,23 @@ const customFieldsRegistry = (strapi) => {
           throw new Error(`Custom field name: '${name}' is not a valid object key`);
         }
 
+        // Validate inputSize when provided
+        if (inputSize) {
+          if (
+            typeof inputSize !== 'object' ||
+            !has('default', inputSize) ||
+            !has('isResizable', inputSize)
+          ) {
+            throw new Error(`inputSize should be an object with 'default' and 'isResizable' keys`);
+          }
+          if (![4, 6, 8, 12].includes(inputSize.default)) {
+            throw new Error('Custom fields require a valid default input size');
+          }
+          if (typeof inputSize.isResizable !== 'boolean') {
+            throw new Error('Custom fields should specify if their input is resizable');
+          }
+        }
+
         // When no plugin is specified, or it isn't found in Strapi, default to global
         const uid = strapi.plugin(plugin) ? `plugin::${plugin}.${name}` : `global::${name}`;