[bugfix] Use []rune to check length of user-submitted text (#948)

tobi 2022-11-03 14:38:06 +01:00 committed by GitHub
commit bd05040133
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 40 additions and 32 deletions


@ -92,26 +92,26 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) {
return
}
if len(form.ClientName) > formFieldLen {
err := fmt.Errorf("client_name must be less than %d bytes", formFieldLen)
if len([]rune(form.ClientName)) > formFieldLen {
err := fmt.Errorf("client_name must be less than %d characters", formFieldLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}
if len(form.RedirectURIs) > formRedirectLen {
err := fmt.Errorf("redirect_uris must be less than %d bytes", formRedirectLen)
if len([]rune(form.RedirectURIs)) > formRedirectLen {
err := fmt.Errorf("redirect_uris must be less than %d characters", formRedirectLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}
if len(form.Scopes) > formFieldLen {
err := fmt.Errorf("scopes must be less than %d bytes", formFieldLen)
if len([]rune(form.Scopes)) > formFieldLen {
err := fmt.Errorf("scopes must be less than %d characters", formFieldLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}
if len(form.Website) > formFieldLen {
err := fmt.Errorf("website must be less than %d bytes", formFieldLen)
if len([]rune(form.Website)) > formFieldLen {
err := fmt.Errorf("website must be less than %d characters", formFieldLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}
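Review bot: The limits `formFieldLen` and `formRedirectLen` in AppsPOSTHandler now bound code points rather than bytes, so an accepted field can occupy up to four times as many bytes in UTF-8 as it could before. Nothing in the hunk shows whether the database columns or other consumers of `client_name`, `redirect_uris`, `scopes` and `website` assumed the old byte ceiling, so that should be confirmed; a comment such as `// limits are in Unicode code points; UTF-8 byte length may be up to 4x` would record the new contract. The same consideration applies to the description, status, poll-option and content-warning checks changed in the other files of this commit. Separately, the messages read "must be less than %d characters" while the condition rejects only lengths greater than the limit; `client_name must be no more than %d characters` matches the check. The handler starts and continues outside this hunk.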


@ -163,8 +163,8 @@ func validateCreateMedia(form *model.AttachmentRequest) error {
return fmt.Errorf("file size limit exceeded: limit is %d bytes but attachment was %d bytes", maxSize, form.File.Size)
}
if len(form.Description) > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(form.Description))
if length := len([]rune(form.Description)); length > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
}
return nil
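Review bot: The error text in validateCreateMedia promises a range, "between %d and %d characters (inclusive)", but the new condition `length > maxDescriptionChars` enforces only the upper bound, whereas validateUpdateMedia tests both ends. If an empty or short description is deliberately allowed on create, the message should say so, for example `image description length must be at most %d characters, but provided image description was %d chars`; otherwise the condition needs `length < minDescriptionChars ||` in front. The function begins before this hunk, so an earlier minimum check cannot be ruled out from here.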


@ -142,8 +142,8 @@ func validateUpdateMedia(form *model.AttachmentUpdateRequest) error {
maxDescriptionChars := config.GetMediaDescriptionMaxChars()
if form.Description != nil {
if len(*form.Description) < minDescriptionChars || len(*form.Description) > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(*form.Description))
if length := len([]rune(*form.Description)); length < minDescriptionChars || length > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
}
}


@ -124,8 +124,8 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
maxCwChars := config.GetStatusesCWMaxChars()
if form.Status != "" {
if len(form.Status) > maxChars {
return fmt.Errorf("status too long, %d characters provided but limit is %d", len(form.Status), maxChars)
if length := len([]rune(form.Status)); length > maxChars {
return fmt.Errorf("status too long, %d characters provided but limit is %d", length, maxChars)
}
}
@ -141,15 +141,15 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
}
for _, p := range form.Poll.Options {
if len(p) > maxPollChars {
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", len(p), maxPollChars)
if length := len([]rune(p)); length > maxPollChars {
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", length, maxPollChars)
}
}
}
if form.SpoilerText != "" {
if len(form.SpoilerText) > maxCwChars {
return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", len(form.SpoilerText), maxCwChars)
if length := len([]rune(form.SpoilerText)); length > maxCwChars {
return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", length, maxCwChars)
}
}