[bugfix] Use []rune to check length of user-submitted text (#948)
parent
f3fc040c2e
commit
bd05040133
|
@ -92,26 +92,26 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(form.ClientName) > formFieldLen {
|
if len([]rune(form.ClientName)) > formFieldLen {
|
||||||
err := fmt.Errorf("client_name must be less than %d bytes", formFieldLen)
|
err := fmt.Errorf("client_name must be less than %d characters", formFieldLen)
|
||||||
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(form.RedirectURIs) > formRedirectLen {
|
if len([]rune(form.RedirectURIs)) > formRedirectLen {
|
||||||
err := fmt.Errorf("redirect_uris must be less than %d bytes", formRedirectLen)
|
err := fmt.Errorf("redirect_uris must be less than %d characters", formRedirectLen)
|
||||||
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(form.Scopes) > formFieldLen {
|
if len([]rune(form.Scopes)) > formFieldLen {
|
||||||
err := fmt.Errorf("scopes must be less than %d bytes", formFieldLen)
|
err := fmt.Errorf("scopes must be less than %d characters", formFieldLen)
|
||||||
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(form.Website) > formFieldLen {
|
if len([]rune(form.Website)) > formFieldLen {
|
||||||
err := fmt.Errorf("website must be less than %d bytes", formFieldLen)
|
err := fmt.Errorf("website must be less than %d characters", formFieldLen)
|
||||||
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
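Review bot: The reworded messages still say "must be less than %d characters", but each condition rejects only `len([]rune(...)) > limit`, so a value of exactly `formFieldLen` (or `formRedirectLen`) runes is accepted. Either word the four messages as `"client_name must be no more than %d characters"` (likewise for redirect_uris, scopes and website) or compare with `>=`. AppsPOSTHandler starts and ends outside the hunk, so any later handling of these fields is not visible here.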
|
@ -163,8 +163,8 @@ func validateCreateMedia(form *model.AttachmentRequest) error {
|
||||||
return fmt.Errorf("file size limit exceeded: limit is %d bytes but attachment was %d bytes", maxSize, form.File.Size)
|
return fmt.Errorf("file size limit exceeded: limit is %d bytes but attachment was %d bytes", maxSize, form.File.Size)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(form.Description) > maxDescriptionChars {
|
if length := len([]rune(form.Description)); length > maxDescriptionChars {
|
||||||
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(form.Description))
|
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
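Review bot: The error text in validateCreateMedia promises a range ("between %d and %d characters (inclusive)"), but the visible condition only tests `length > maxDescriptionChars`, whereas validateUpdateMedia in this commit checks both bounds. If a minimum is meant to apply on create, the condition should read `length < minDescriptionChars || length > maxDescriptionChars`; if not, the message should stop mentioning the minimum. The function begins outside the hunk, so an earlier minimum check cannot be ruled out.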
|
@ -142,8 +142,8 @@ func validateUpdateMedia(form *model.AttachmentUpdateRequest) error {
|
||||||
maxDescriptionChars := config.GetMediaDescriptionMaxChars()
|
maxDescriptionChars := config.GetMediaDescriptionMaxChars()
|
||||||
|
|
||||||
if form.Description != nil {
|
if form.Description != nil {
|
||||||
if len(*form.Description) < minDescriptionChars || len(*form.Description) > maxDescriptionChars {
|
if length := len([]rune(*form.Description)); length < minDescriptionChars || length > maxDescriptionChars {
|
||||||
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(*form.Description))
|
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -124,8 +124,8 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
|
||||||
maxCwChars := config.GetStatusesCWMaxChars()
|
maxCwChars := config.GetStatusesCWMaxChars()
|
||||||
|
|
||||||
if form.Status != "" {
|
if form.Status != "" {
|
||||||
if len(form.Status) > maxChars {
|
if length := len([]rune(form.Status)); length > maxChars {
|
||||||
return fmt.Errorf("status too long, %d characters provided but limit is %d", len(form.Status), maxChars)
|
return fmt.Errorf("status too long, %d characters provided but limit is %d", length, maxChars)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,15 +141,15 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
|
||||||
return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
|
return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
|
||||||
}
|
}
|
||||||
for _, p := range form.Poll.Options {
|
for _, p := range form.Poll.Options {
|
||||||
if len(p) > maxPollChars {
|
if length := len([]rune(p)); length > maxPollChars {
|
||||||
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", len(p), maxPollChars)
|
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", length, maxPollChars)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if form.SpoilerText != "" {
|
if form.SpoilerText != "" {
|
||||||
if len(form.SpoilerText) > maxCwChars {
|
if length := len([]rune(form.SpoilerText)); length > maxCwChars {
|
||||||
return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", len(form.SpoilerText), maxCwChars)
|
return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", length, maxCwChars)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
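Review bot: `len([]rune(...))` is repeated for the status text, each poll option and the spoiler text, and again in the other files of this commit; `utf8.RuneCountInString(form.Status)` states the intent directly and does not rely on the compiler recognising the conversion pattern. Under either form, input that is not valid UTF-8 counts as one rune per bad byte. A comment above the first check, such as `// limits count Unicode code points, not bytes or grapheme clusters`, would make the unit of `maxChars` explicit. validateCreateStatus starts and ends outside both hunks.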
|
@ -50,7 +50,7 @@ func NewPassword(password string) error {
|
||||||
return errors.New("no password provided")
|
return errors.New("no password provided")
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(password) > maximumPasswordLength {
|
if len([]rune(password)) > maximumPasswordLength {
|
||||||
return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
|
return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,12 +113,14 @@ func SignUpReason(reason string, reasonRequired bool) error {
|
||||||
return errors.New("no reason provided")
|
return errors.New("no reason provided")
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(reason) < minimumReasonLength {
|
length := len([]rune(reason))
|
||||||
return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, len(reason))
|
|
||||||
|
if length < minimumReasonLength {
|
||||||
|
return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, length)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(reason) > maximumReasonLength {
|
if length > maximumReasonLength {
|
||||||
return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, len(reason))
|
return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, length)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -164,7 +166,7 @@ func CustomCSS(customCSS string) error {
|
||||||
return errors.New("accounts-allow-custom-css is not enabled for this instance")
|
return errors.New("accounts-allow-custom-css is not enabled for this instance")
|
||||||
}
|
}
|
||||||
|
|
||||||
if length := len(customCSS); length > maximumCustomCSSLength {
|
if length := len([]rune(customCSS)); length > maximumCustomCSSLength {
|
||||||
return fmt.Errorf("custom_css must be less than %d characters, but submitted custom_css was %d characters", maximumCustomCSSLength, length)
|
return fmt.Errorf("custom_css must be less than %d characters, but submitted custom_css was %d characters", maximumCustomCSSLength, length)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -182,8 +184,8 @@ func EmojiShortcode(shortcode string) error {
|
||||||
|
|
||||||
// SiteTitle ensures that the given site title is within spec.
|
// SiteTitle ensures that the given site title is within spec.
|
||||||
func SiteTitle(siteTitle string) error {
|
func SiteTitle(siteTitle string) error {
|
||||||
if len(siteTitle) > maximumSiteTitleLength {
|
if length := len([]rune(siteTitle)); length > maximumSiteTitleLength {
|
||||||
return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, len(siteTitle))
|
return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, length)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -191,8 +193,8 @@ func SiteTitle(siteTitle string) error {
|
||||||
|
|
||||||
// SiteShortDescription ensures that the given site short description is within spec.
|
// SiteShortDescription ensures that the given site short description is within spec.
|
||||||
func SiteShortDescription(d string) error {
|
func SiteShortDescription(d string) error {
|
||||||
if len(d) > maximumShortDescriptionLength {
|
if length := len([]rune(d)); length > maximumShortDescriptionLength {
|
||||||
return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, len(d))
|
return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, length)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -200,8 +202,8 @@ func SiteShortDescription(d string) error {
|
||||||
|
|
||||||
// SiteDescription ensures that the given site description is within spec.
|
// SiteDescription ensures that the given site description is within spec.
|
||||||
func SiteDescription(d string) error {
|
func SiteDescription(d string) error {
|
||||||
if len(d) > maximumDescriptionLength {
|
if length := len([]rune(d)); length > maximumDescriptionLength {
|
||||||
return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, len(d))
|
return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, length)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -209,8 +211,8 @@ func SiteDescription(d string) error {
|
||||||
|
|
||||||
// SiteTerms ensures that the given site terms string is within spec.
|
// SiteTerms ensures that the given site terms string is within spec.
|
||||||
func SiteTerms(t string) error {
|
func SiteTerms(t string) error {
|
||||||
if len(t) > maximumSiteTermsLength {
|
if length := len([]rune(t)); length > maximumSiteTermsLength {
|
||||||
return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, len(t))
|
return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, length)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
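Review bot: In NewPassword the cap now counts runes, so a password of `maximumPasswordLength` code points can be up to four times that many bytes. If the constant was chosen as a byte bound for the hashing step (bcrypt, for example, only accepts 72 bytes of input), the rune count no longer enforces it; the hashing code is not on this page, so this needs confirming. Keeping a byte check beside the rune check, e.g. `if len(password) > maxPasswordBytes { ... }` with a new constant (name constructed here) set to the hash's limit, would preserve the bound. Separately, SignUpReason still interpolates the submitted reason with `'%s'`; `%q` would escape control characters in the returned error.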
|
@ -233,6 +233,7 @@ func (suite *ValidationTestSuite) TestValidateReason() {
|
||||||
badReason := "because"
|
badReason := "because"
|
||||||
goodReason := "to smash the state and destroy capitalism ultimately and completely"
|
goodReason := "to smash the state and destroy capitalism ultimately and completely"
|
||||||
tooLong := "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris auctor mollis viverra. Maecenas maximus mollis sem, nec fermentum velit consectetur non. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Quisque a enim nibh. Vestibulum bibendum leo ac porttitor auctor. Curabitur velit tellus, facilisis vitae lorem a, ullamcorper efficitur leo. Sed a auctor tortor. Sed ut finibus ante, sit amet laoreet sapien. Donec ullamcorper tellus a nibh sodales vulputate. Donec id dolor eu odio mollis bibendum. Pellentesque habitant morbi tristique senectus et netus at."
|
tooLong := "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris auctor mollis viverra. Maecenas maximus mollis sem, nec fermentum velit consectetur non. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Quisque a enim nibh. Vestibulum bibendum leo ac porttitor auctor. Curabitur velit tellus, facilisis vitae lorem a, ullamcorper efficitur leo. Sed a auctor tortor. Sed ut finibus ante, sit amet laoreet sapien. Donec ullamcorper tellus a nibh sodales vulputate. Donec id dolor eu odio mollis bibendum. Pellentesque habitant morbi tristique senectus et netus at."
|
||||||
|
unicode := "⎾⎿⏀⏁⏂⏃⏄⏅⏆⏇"
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
// check with no reason required
|
// check with no reason required
|
||||||
|
@ -256,6 +257,11 @@ func (suite *ValidationTestSuite) TestValidateReason() {
|
||||||
assert.Equal(suite.T(), nil, err)
|
assert.Equal(suite.T(), nil, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err = validate.SignUpReason(unicode, false)
|
||||||
|
if assert.NoError(suite.T(), err) {
|
||||||
|
assert.Equal(suite.T(), nil, err)
|
||||||
|
}
|
||||||
|
|
||||||
// check with reason required
|
// check with reason required
|
||||||
err = validate.SignUpReason(empty, true)
|
err = validate.SignUpReason(empty, true)
|
||||||
if assert.Error(suite.T(), err) {
|
if assert.Error(suite.T(), err) {
|
||||||
|
|
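Review bot: The added `unicode` case calls `validate.SignUpReason(unicode, false)` in the "no reason required" part of the test. If SignUpReason returns early when no reason is required (its opening lines are not on this page), the case passes without ever reaching the new rune count. Cases with `reasonRequired` set to true would pin the fix: a string whose rune count is within the limits but whose byte length exceeds `maximumReasonLength`, expecting no error, and one whose byte length reaches `minimumReasonLength` while its rune count does not, expecting an error. The inner `assert.Equal(suite.T(), nil, err)` repeats what `assert.NoError` has already established and can be dropped.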