From 2a903e8df5d57b4b5b3a9e2ff12ba1ab18e8e0ec Mon Sep 17 00:00:00 2001
From: Thomas Lynch
Date: Sun, 14 Feb 2021 12:59:55 +0000
Subject: [PATCH] fix various issues with new settings some incorrect field names, bad parsing, date problems and inability to remove some inputs
---
controllers/forms/globalsettings.js | 168 +++++++++++++--------------
helpers/paramconverter.js | 12 +-
helpers/schema.js | 4 +-
helpers/setting.js | 2 +-
models/forms/changeglobalsettings.js | 8 +-
views/pages/globalmanagesettings.pug | 8 +-
6 files changed, 104 insertions(+), 98 deletions(-)
diff --git a/controllers/forms/globalsettings.js b/controllers/forms/globalsettings.js
index 24c8bf21..015c7292 100644
--- a/controllers/forms/globalsettings.js
+++ b/controllers/forms/globalsettings.js
@@ -30,108 +30,108 @@ module.exports = async (req, res, next) => {
 }, expected: false, error: 'Extra mime types must be like type/subtype' },
 { result: lengthBody(req.body.global_announcement, 0, 10000), expected: false, error: 'Global announcement must not exceed 10000 characters' },
 { result: lengthBody(req.body.filters, 0, 5000), expected: false, error: 'Filter text cannot exceed 5000 characters' },
- { result: numberBody(req.body.filter_mode, 0, 2), expected: false, error: 'Filter mode must be a number from 0-2' },
- { result: numberBody(req.body.ban_duration), expected: false, error: 'Invalid filter auto ban duration' },
+ { result: numberBody(req.body.filter_mode, 0, 2), expected: true, error: 'Filter mode must be a number from 0-2' },
+ { result: numberBody(req.body.ban_duration), expected: true, error: 'Invalid filter auto ban duration' },
 { result: lengthBody(req.body.allowed_hosts, 0, 10000), expected: false, error: 'Allowed hosts must not exceed 10000 characters' },
 { result: lengthBody(req.body.country_code_header, 0, 100), expected: false, error: 'Country code header length must not exceed 100 characters' },
 { result: lengthBody(req.body.ip_header, 0, 100), expected: false, error: 'IP header length must not exceed 100 characters' },
 { result: lengthBody(req.body.meta_site_name, 0, 100), expected: false, error: 'Meta site name must not exceed 100 characters' },
 { result: lengthBody(req.body.meta_url, 0, 100), expected: false, error: 'Meta url must not exceed 100 characters' },
 { result: inArrayBody(req.body.captcha_options_type, ['grid', 'text', 'google', 'hcaptcha']), expected: true, error: 'Invalid captcha options type' },
- { result: numberBody(req.body.captcha_options_generate_limit, 1), expected: false, error: 'Captcha options generate limit must be a number > 0' },
- { result: numberBody(req.body.captcha_options_grid_size, 2, 6), expected: false, error: 'Captcha options grid size must be a number from 2-8' },
- { result: numberBody(req.body.captcha_options_image_size, 50, 500), expected: false, error: 'Captcha options image size must be a number from 50-500' },
- { result: numberBody(req.body.captcha_options_grid_icon_y_offset, 0, 50), expected: false, error: 'Captcha options icon y offset must be a number from 0-50' },
- { result: numberBody(req.body.captcha_options_num_distorts_min, 0, 10), expected: false, error: 'Captcha options min distorts must be a number from 0-10' },
- { result: numberBody(req.body.captcha_options_num_distorts_max, 0, 10), expected: false, error: 'Captcha options max distorts must be a number from 0-10' },
+ { result: numberBody(req.body.captcha_options_generate_limit, 1), expected: true, error: 'Captcha options generate limit must be a number > 0' },
+ { result: numberBody(req.body.captcha_options_grid_size, 2, 6), expected: true, error: 'Captcha options grid size must be a number from 2-6' },
+ { result: numberBody(req.body.captcha_options_image_size, 50, 500), expected: true, error: 'Captcha options image size must be a number from 50-500' },
+ { result: numberBody(req.body.captcha_options_grid_icon_y_offset, 0, 50), expected: true, error: 'Captcha options icon y offset must be a number from 0-50' },
+ { result: numberBody(req.body.captcha_options_num_distorts_min, 0, 10), expected: true, error: 'Captcha options min distorts must be a number from 0-10' },
+ { result: numberBody(req.body.captcha_options_num_distorts_max, 0, 10), expected: true, error: 'Captcha options max distorts must be a number from 0-10' },
 { result: minmaxBody(req.body.captcha_options_num_distorts_min, req.body.captcha_options_num_distorts_max), expected: true, error: 'Captcha options distorts min must be less than max' },
- { result: numberBody(req.body.captcha_options_distortion, 0, 50), expected: false, error: 'Captcha options distortion must be a number from 0-50' },
- { result: numberBody(req.body.dnsbl_cache_time), expected: false, error: 'Invalid dnsbl cache time' },
- { result: numberBody(req.body.flood_timers_same_content_same_ip), expected: false, error: 'Invalid flood time same content same ip' },
- { result: numberBody(req.body.flood_timers_same_content_any_ip), expected: false, error: 'Invalid flood time same contenet any ip' },
- { result: numberBody(req.body.flood_timers_any_content_same_ip), expected: false, error: 'Invalid flood time any content same ip' },
- { result: numberBody(req.body.block_bypass_expire_after_uses), expected: false, error: 'Block bypass expire after uses must be a number > 0' },
- { result: numberBody(req.body.block_bypass_expire_after_time), expected: false, error: 'Invalid block bypass expire after time' },
- { result: numberBody(req.body.ip_hash_perm_level, -1), expected: false, error: 'Invalid ip hash perm level' },
- { result: numberBody(req.body.delete_board_perm_level), expected: false, error: 'Invalid delete board perm level' },
- { result: numberBody(req.body.rate_limit_cost_captcha, 1, 100), expected: false, error: 'Rate limit cost captcha must be a number from 1-100' },
- { result: numberBody(req.body.rate_limit_cost_board_settings, 1, 100), expected: false, error: 'Rate limit cost board settings must be a number from 1-100' },
- { result: numberBody(req.body.rate_limit_cost_edit_post, 1, 100), expected: false, error: 'Rate limit cost edit post must be a number from 1-100' },
- { result: numberBody(req.body.overboard_limit), expected: false, error: 'Invalid overboard limit' },
- { result: numberBody(req.body.overboard_catalog_limit), expected: false, error: 'Invalid overboard catalog limit' },
- { result: numberBody(req.body.lock_wait), expected: false, error: 'Invalid lock wait' },
- { result: numberBody(req.body.prune_modlogs), expected: false, error: 'Prune modlogs must be a number of days' },
- { result: numberBody(req.body.prune_ips), expected: false, error: 'Prune ips must be a number of days' },
+ { result: numberBody(req.body.captcha_options_distortion, 0, 50), expected: true, error: 'Captcha options distortion must be a number from 0-50' },
+ { result: numberBody(req.body.dnsbl_cache_time), expected: true, error: 'Invalid dnsbl cache time' },
+ { result: numberBody(req.body.flood_timers_same_content_same_ip), expected: true, error: 'Invalid flood time same content same ip' },
+ { result: numberBody(req.body.flood_timers_same_content_any_ip), expected: true, error: 'Invalid flood time same contenet any ip' },
+ { result: numberBody(req.body.flood_timers_any_content_same_ip), expected: true, error: 'Invalid flood time any content same ip' },
+ { result: numberBody(req.body.block_bypass_expire_after_uses), expected: true, error: 'Block bypass expire after uses must be a number > 0' },
+ { result: numberBody(req.body.block_bypass_expire_after_time), expected: true, error: 'Invalid block bypass expire after time' },
+ { result: numberBody(req.body.ip_hash_perm_level, -1), expected: true, error: 'Invalid ip hash perm level' },
+ { result: numberBody(req.body.delete_board_perm_level), expected: true, error: 'Invalid delete board perm level' },
+ { result: numberBody(req.body.rate_limit_cost_captcha, 1, 100), expected: true, error: 'Rate limit cost captcha must be a number from 1-100' },
+ { result: numberBody(req.body.rate_limit_cost_board_settings, 1, 100), expected: true, error: 'Rate limit cost board settings must be a number from 1-100' },
+ { result: numberBody(req.body.rate_limit_cost_edit_post, 1, 100), expected: true, error: 'Rate limit cost edit post must be a number from 1-100' },
+ { result: numberBody(req.body.overboard_limit), expected: true, error: 'Invalid overboard limit' },
+ { result: numberBody(req.body.overboard_catalog_limit), expected: true, error: 'Invalid overboard catalog limit' },
+ { result: numberBody(req.body.lock_wait), expected: true, error: 'Invalid lock wait' },
+ { result: numberBody(req.body.prune_modlogs), expected: true, error: 'Prune modlogs must be a number of days' },
+ { result: numberBody(req.body.prune_ips), expected: true, error: 'Prune ips must be a number of days' },
 { result: lengthBody(req.body.thumb_extension, 1), expected: false, error: 'Thumbnail extension must be at least 1 character' },
- { result: numberBody(req.body.thumb_size), expected: false, error: 'Invalid thumbnail size' },
- { result: numberBody(req.body.video_thumb_percentage, 0, 100), expected: false, error: 'Video thumbnail percentage must be a number from 1-100' },
- { result: numberBody(req.body.default_ban_duration), expected: false, error: 'Invalid default ban duration' },
- { result: numberBody(req.body.quote_limit), expected: false, error: 'Quote limit must be a number' },
- { result: numberBody(req.body.preview_replies), expected: false, error: 'Preview replies must be a number' },
- { result: numberBody(req.body.sticky_preview_replies), expected: false, error: 'Sticky preview replies must be a number' },
- { result: numberBody(req.body.early_404_fraction), expected: false, error: 'Early 404 fraction must be a number' },
- { result: numberBody(req.body.early_404_replies), expected: false, error: 'Early 404 fraction must be a number' },
- { result: numberBody(req.body.max_recent_news), expected: false, error: 'Max recent news must be a number' },
- { result: numberBody(req.body.space_file_name_replacement, 1, 1), expected: false, error: 'Space file name replacement must be 1 character' },
+ { result: numberBody(req.body.thumb_size), expected: true, error: 'Invalid thumbnail size' },
+ { result: numberBody(req.body.video_thumb_percentage, 0, 100), expected: true, error: 'Video thumbnail percentage must be a number from 1-100' },
+ { result: numberBody(req.body.default_ban_duration), expected: true, error: 'Invalid default ban duration' },
+ { result: numberBody(req.body.quote_limit), expected: true, error: 'Quote limit must be a number' },
+ { result: numberBody(req.body.preview_replies), expected: true, error: 'Preview replies must be a number' },
+ { result: numberBody(req.body.sticky_preview_replies), expected: true, error: 'Sticky preview replies must be a number' },
+ { result: numberBody(req.body.early_404_fraction), expected: true, error: 'Early 404 fraction must be a number' },
+ { result: numberBody(req.body.early_404_replies), expected: true, error: 'Early 404 fraction must be a number' },
+ { result: numberBody(req.body.max_recent_news), expected: true, error: 'Max recent news must be a number' },
+ { result: lengthBody(req.body.space_file_name_replacement, 1, 1), expected: false, error: 'Space file name replacement must be 1 character' },
 { result: lengthBody(req.body.highlight_options_language_subset, 0, 10000), expected: false, error: 'Highlight options language subset must not exceed 10000 characters' },
 { result: lengthBody(req.body.highlight_options_threshold), expected: false, error: 'Highlight options threshold must be a number' },
- { result: numberBody(req.body.global_limits_thread_limit_min), expected: false, error: 'Global thread limit minimum must be a number' },
- { result: numberBody(req.body.global_limits_thread_limit_max), expected: false, error: 'Global thread limit maximum must be a number' },
+ { result: numberBody(req.body.global_limits_thread_limit_min), expected: true, error: 'Global thread limit minimum must be a number' },
+ { result: numberBody(req.body.global_limits_thread_limit_max), expected: true, error: 'Global thread limit maximum must be a number' },
 { result: minmaxBody(req.body.global_limits_thread_limit_min, req.body.global_limits_thread_limit_max), expected: true, error: 'Global thread limit min must be less than max' },
- { result: numberBody(req.body.global_limits_reply_limit_min), expected: false, error: 'Global reply limit minimum must be a number' },
- { result: numberBody(req.body.global_limits_reply_limit_max), expected: false, error: 'Global reply limit maximum must be a number' },
+ { result: numberBody(req.body.global_limits_reply_limit_min), expected: true, error: 'Global reply limit minimum must be a number' },
+ { result: numberBody(req.body.global_limits_reply_limit_max), expected: true, error: 'Global reply limit maximum must be a number' },
 { result: minmaxBody(req.body.global_limits_reply_limit_min, req.body.global_limits_reply_limit_max), expected: true, error: 'Global reply limit min must be less than max' },
- { result: numberBody(req.body.global_limits_bump_limit_min), expected: false, error: 'Global bump limit minimum must be a number' },
- { result: numberBody(req.body.global_limits_bump_limit_max), expected: false, error: 'Global bump limit minimum must be a number' },
+ { result: numberBody(req.body.global_limits_bump_limit_min), expected: true, error: 'Global bump limit minimum must be a number' },
+ { result: numberBody(req.body.global_limits_bump_limit_max), expected: true, error: 'Global bump limit minimum must be a number' },
 { result: minmaxBody(req.body.global_limits_bump_limit_min, req.body.global_limits_bump_limit_max), expected: true, error: 'Global bump limit min must be less than max' },
- { result: numberBody(req.body.global_limits_post_files_max), expected: false, error: 'Post files max must be a number' },
- { result: numberBody(req.body.global_limits_post_files_size_max), expected: false, error: 'Post files size must be a number' },
- { result: numberBody(req.body.global_limits_banner_files_size), expected: false, error: 'Banner files size must be a number' },
- { result: numberBody(req.body.global_limits_banner_files_width, 1), expected: false, error: 'Banner files height must be a number > 0' },
- { result: numberBody(req.body.global_limits_banner_files_height, 1), expected: false, error: 'Banner files width must be a number > 0' },
- { result: numberBody(req.body.global_limits_banner_files_max), expected: false, error: 'Banner files max must be a number' },
- { result: numberBody(req.body.global_limits_banner_files_total), expected: false, error: 'Banner files total must be a number' },
- { result: numberBody(req.body.global_limits_field_length_name), expected: false, error: 'Global limit name field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_email), expected: false, error: 'Global limit email field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_subject), expected: false, error: 'Global limit subject field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_postpassword), expected: false, error: 'Global limit postpassword field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_message), expected: false, error: 'Global limit message field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_report_reason), expected: false, error: 'Global limit report reason field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_ban_reason), expected: false, error: 'Global limit ban reason field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_log_message), expected: false, error: 'Global limit log message field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_uri), expected: false, error: 'Global limit board uri field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_boardname), expected: false, error: 'Global limit board name field length must be a number' },
- { result: numberBody(req.body.global_limits_field_length_description), expected: false, error: 'Global limit board description field length must be a number' },
- { result: numberBody(req.body.global_limits_multi_input_posts_anon), expected: false, error: 'Multi input anon limit must be a number' },
- { result: numberBody(req.body.global_limits_multi_input_posts_staff), expected: false, error: 'Multi input staff limit must be a number' },
- { result: numberBody(req.body.global_limits_custom_css_max), expected: false, error: 'Custom css max must be a number' },
+ { result: numberBody(req.body.global_limits_post_files_max), expected: true, error: 'Post files max must be a number' },
+ { result: numberBody(req.body.global_limits_post_files_size_max), expected: true, error: 'Post files size must be a number' },
+ { result: numberBody(req.body.global_limits_banner_files_size_max), expected: true, error: 'Banner files size must be a number' },
+ { result: numberBody(req.body.global_limits_banner_files_width, 1), expected: true, error: 'Banner files height must be a number > 0' },
+ { result: numberBody(req.body.global_limits_banner_files_height, 1), expected: true, error: 'Banner files width must be a number > 0' },
+ { result: numberBody(req.body.global_limits_banner_files_max), expected: true, error: 'Banner files max must be a number' },
+ { result: numberBody(req.body.global_limits_banner_files_total), expected: true, error: 'Banner files total must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_name), expected: true, error: 'Global limit name field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_email), expected: true, error: 'Global limit email field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_subject), expected: true, error: 'Global limit subject field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_postpassword), expected: true, error: 'Global limit postpassword field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_message), expected: true, error: 'Global limit message field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_report_reason), expected: true, error: 'Global limit report reason field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_ban_reason), expected: true, error: 'Global limit ban reason field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_log_message), expected: true, error: 'Global limit log message field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_uri), expected: true, error: 'Global limit board uri field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_boardname), expected: true, error: 'Global limit board name field length must be a number' },
+ { result: numberBody(req.body.global_limits_field_length_description), expected: true, error: 'Global limit board description field length must be a number' },
+ { result: numberBody(req.body.global_limits_multi_input_posts_anon), expected: true, error: 'Multi input anon limit must be a number' },
+ { result: numberBody(req.body.global_limits_multi_input_posts_staff), expected: true, error: 'Multi input staff limit must be a number' },
+ { result: numberBody(req.body.global_limits_custom_css_max), expected: true, error: 'Custom css max must be a number' },
 { result: lengthBody(req.body.global_limits_custom_css_filters, 0, 10000), expected: false, error: 'Custom css filters must not exceed 10000 characters' },
- { result: numberBody(req.body.global_limits_custom_pages_max), expected: false, error: 'Custom pages max must be a number' },
- { result: numberBody(req.body.global_limits_custom_pages_max_length), expected: false, error: 'Custom pages max length must be a number' },
+ { result: numberBody(req.body.global_limits_custom_pages_max), expected: true, error: 'Custom pages max must be a number' },
+ { result: numberBody(req.body.global_limits_custom_pages_max_length), expected: true, error: 'Custom pages max length must be a number' },
 { result: inArrayBody(req.body.board_defaults_theme, themeHelper.themes), expected: true, error: 'Invalid board default theme' },
 { result: inArrayBody(req.body.board_defaults_code_theme, themeHelper.codeThemes), expected: true, error: 'Invalid board default code theme' },
- { result: numberBody(req.body.board_defaults_lock_mode, 0, 2), expected: false, error: 'Board default lock mode must be a number from 0-2' },
- { result: numberBody(req.body.board_defaults_file_r9k_mode, 0, 2), expected: false, error: 'Board default file r9k mode must be a number from 0-2' },
- { result: numberBody(req.body.board_defaults_message_r9k_mode, 0, 2), expected: false, error: 'Board default message r9k mode must be a number from 0-2' },
- { result: numberBody(req.body.board_defaults_captcha_mode, 0, 2), expected: false, error: 'Board default captcha mode must be a number from 0-2' },
- { result: numberBody(req.body.board_defaults_tph_trigger), expected: false, error: 'Board default tph trigger must be a number' },
- { result: numberBody(req.body.board_defaults_pph_trigger), expected: false, error: 'Board default pph trigger must be a number' },
- { result: numberBody(req.body.board_defaults_pph_trigger_action, 0, 4), expected: false, error: 'Board default pph trigger action must be a number from 0-4' },
- { result: numberBody(req.body.board_defaults_tph_trigger_action, 0, 4), expected: false, error: 'Board default tph trigger action must be a number from 0-4' },
- { result: numberBody(req.body.board_defaults_captcha_reset, 0, 2), expected: false, error: 'Board defaults captcha reset must be a number from 0-2' },
- { result: numberBody(req.body.board_defaults_lock_reset, 0, 2), expected: false, error: 'Board defaults lock reset must be a number from 0-2' },
- { result: numberBodyVariable(req.body.board_defaults_reply_limit, req.body.global_limits_reply_limit_min, globalLimits.replyLimit.min, req.body.global_limits_reply_limit_max, globalLimits.replyLimit.max), expected: false, error: `Board defaults reply limit must be within global limits` },
- { result: numberBodyVariable(req.body.board_defaults_thread_limit, req.body.global_limits_thread_limit_min, globalLimits.threadLimit.min, req.body.global_limits_thread_limit_max, globalLimits.threadLimit.max), expected: false, error: `Board defaults thread limit must be within global limits` },
- { result: numberBodyVariable(req.body.board_defaults_bump_limit, req.body.global_limits_bump_limit_min, globalLimits.bumpLimit.min, req.body.global_limits_bump_limit_max, globalLimits.bumpLimit.max), expected: false, error: `Board defaults bump limit must be within global limits` },
- { result: numberBodyVariable(req.body.board_defaults_max_files, 0, 0, req.body.global_limits_post_files_max, globalLimits.postFiles.max), expected: false, error: `Board defaults max files must be within global limits` },
- { result: numberBodyVariable(req.body.board_defaults_max_thread_message_length, 0, 0, req.body.global_limits_field_length_message, globalLimits.fieldLength.message), expected: false, error: `Board defaults max thread message length must be within global limits` },
- { result: numberBodyVariable(req.body.board_defaults_max_reply_message_length, 0, 0, req.body.global_limits_field_length_message, globalLimits.fieldLength.message), expected: false, error: `Board defaults max reply message length must be within global limits` },
- { result: numberBody(req.body.board_defaults_min_thread_message_length), expected: false, error: 'Board defaults min thread message length must be a number' },
- { result: numberBody(req.body.board_defaults_min_reply_message_length), expected: false, error: 'Board defaults min reply message length must be a number' },
+ { result: numberBody(req.body.board_defaults_lock_mode, 0, 2), expected: true, error: 'Board default lock mode must be a number from 0-2' },
+ { result: numberBody(req.body.board_defaults_file_r9k_mode, 0, 2), expected: true, error: 'Board default file r9k mode must be a number from 0-2' },
+ { result: numberBody(req.body.board_defaults_message_r9k_mode, 0, 2), expected: true, error: 'Board default message r9k mode must be a number from 0-2' },
+ { result: numberBody(req.body.board_defaults_captcha_mode, 0, 2), expected: true, error: 'Board default captcha mode must be a number from 0-2' },
+ { result: numberBody(req.body.board_defaults_tph_trigger), expected: true, error: 'Board default tph trigger must be a number' },
+ { result: numberBody(req.body.board_defaults_pph_trigger), expected: true, error: 'Board default pph trigger must be a number' },
+ { result: numberBody(req.body.board_defaults_pph_trigger_action, 0, 4), expected: true, error: 'Board default pph trigger action must be a number from 0-4' },
+ { result: numberBody(req.body.board_defaults_tph_trigger_action, 0, 4), expected: true, error: 'Board default tph trigger action must be a number from 0-4' },
+ { result: numberBody(req.body.board_defaults_captcha_reset, 0, 2), expected: true, error: 'Board defaults captcha reset must be a number from 0-2' },
+ { result: numberBody(req.body.board_defaults_lock_reset, 0, 2), expected: true, error: 'Board defaults lock reset must be a number from 0-2' },
+ { result: numberBodyVariable(req.body.board_defaults_reply_limit, req.body.global_limits_reply_limit_min, globalLimits.replyLimit.min, req.body.global_limits_reply_limit_max, globalLimits.replyLimit.max), expected: true, error: `Board defaults reply limit must be within global limits` },
+ { result: numberBodyVariable(req.body.board_defaults_thread_limit, req.body.global_limits_thread_limit_min, globalLimits.threadLimit.min, req.body.global_limits_thread_limit_max, globalLimits.threadLimit.max), expected: true, error: `Board defaults thread limit must be within global limits` },
+ { result: numberBodyVariable(req.body.board_defaults_bump_limit, req.body.global_limits_bump_limit_min, globalLimits.bumpLimit.min, req.body.global_limits_bump_limit_max, globalLimits.bumpLimit.max), expected: true, error: `Board defaults bump limit must be within global limits` },
+ { result: numberBodyVariable(req.body.board_defaults_max_files, 0, 0, req.body.global_limits_post_files_max, globalLimits.postFiles.max), expected: true, error: `Board defaults max files must be within global limits` },
+ { result: numberBodyVariable(req.body.board_defaults_max_thread_message_length, 0, 0, req.body.global_limits_field_length_message, globalLimits.fieldLength.message), expected: true, error: `Board defaults max thread message length must be within global limits` },
+ { result: numberBodyVariable(req.body.board_defaults_max_reply_message_length, 0, 0, req.body.global_limits_field_length_message, globalLimits.fieldLength.message), expected: true, error: `Board defaults max reply message length must be within global limits` },
+ { result: numberBody(req.body.board_defaults_min_thread_message_length), expected: true, error: 'Board defaults min thread message length must be a number' },
+ { result: numberBody(req.body.board_defaults_min_reply_message_length), expected: true, error: 'Board defaults min reply message length must be a number' },
 { result: minmaxBody(req.body.board_defaults_min_thread_message_length, req.body.board_defaults_max_thread_message_length), expected: true, error: 'Board defaults thread message length min must be less than max' },
 { result: minmaxBody(req.body.board_defaults_min_reply_message_length, req.body.board_defaults_max_reply_message_length), expected: true, error: 'Board defaults reply message length min must be less than max' },
- { result: numberBody(req.body.board_defaults_filter_mode, 0, 2), expected: false, error: 'Board defaults filter most must be a number from 0-2' },
- { result: numberBody(req.body.board_defaults_filter_ban_duration), expected: false, error: 'Board defaults filter ban duration must be a number' },
+ { result: numberBody(req.body.board_defaults_filter_mode, 0, 2), expected: true, error: 'Board defaults filter most must be a number from 0-2' },
+ { result: numberBody(req.body.board_defaults_filter_ban_duration), expected: true, error: 'Board defaults filter ban duration must be a number' },
 { result: lengthBody(req.body.webring_following, 0, 10000), expected: false, error: 'Webring following list must not exceed 10000 characters' },
 { result: lengthBody(req.body.webring_blacklist, 0, 10000), expected: false, error: 'Webring blacklist must not exceed 10000 characters' },
 { result: lengthBody(req.body.webring_logos, 0, 10000), expected: false, error: 'Webring logos list must not exceed 10000 characters' },
diff --git a/helpers/paramconverter.js b/helpers/paramconverter.js
index f03eed19..71417f73 100644
--- a/helpers/paramconverter.js
+++ b/helpers/paramconverter.js
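Review bot: `highlight_options_threshold` is still checked with `lengthBody(req.body.highlight_options_threshold)` even though its error text says it must be a number and helpers/paramconverter.js lists it in `numberFields`, so the value is presumably a number by the time it is checked and a length test cannot bound it (lengthBody is not shown here, so confirm). It should use the same validator as its neighbours: `{ result: numberBody(req.body.highlight_options_threshold), expected: true, error: 'Highlight options threshold must be a number' },`. Two bounds on the new side also disagree with their messages: `video_thumb_percentage` accepts 0 while the text says 1-100, and `block_bypass_expire_after_uses` is called without a minimum of 1 although the text says > 0. The validation array starts and ends outside this hunk.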
@@ -10,13 +10,14 @@ const { ObjectId } = require(__dirname+'/../db/db.js') , numberFields = ['sticky', 'lock_reset', 'captcha_reset', 'filter_mode', 'lock_mode', 'message_r9k_mode', 'file_r9k_mode', 'captcha_mode', 'tph_trigger', 'pph_trigger', 'pph_trigger_action', 'tph_trigger_action', 'bump_limit', 'reply_limit', 'move_to_thread', 'postId', 'max_files', 'thread_limit', 'thread', 'max_thread_message_length', 'max_reply_message_length', 'min_thread_message_length', 'min_reply_message_length', 'auth_level', - 'captcha_options_num_distorts_min', 'captcha_options_num_distorts_max', 'captcha_options_distortion', 'flood_timers_same_content_same_ip', + 'captcha_options_generate_limit', 'captcha_options_grid_size', 'captcha_options_image_size', 'captcha_options_num_distorts_min', 'captcha_options_num_distorts_max', + 'captcha_options_distortion', 'captcha_options_grid_icon_y_offset', '', 'flood_timers_same_content_same_ip', 'flood_timers_same_content_any_ip', 'flood_timers_any_content_same_ip', 'block_bypass_expire_after_uses', 'ip_hash_perm_level', 'delete_board_perm_level', 'rate_limit_cost_captcha', 'rate_limit_cost_board_settings', 'rate_limit_cost_edit_post', 'overboard_limit', 'overboard_catalog_limit', 'lock_wait', 'prune_modlogs', 'prune_ips', 'thumb_size', 'video_thumb_percentage', 'quote_limit', 'preview_replies', 'sticky_preview_replies', 'early_404_fraction', 'early_404_replies', 'max_recent_news', 'highlight_options_threshold', 'global_limits_thread_limit_min', 'global_limits_thread_limit_max', 'global_limits_reply_limit_min', 'global_limits_reply_limit_max', 'global_limits_bump_limit_min', 'global_limits_bump_limit_max', 'global_limits_post_files_max', - 'global_limits_post_files_size_max', 'global_limits_banner_files_width', 'global_limits_banner_files_height', 'global_limits_banner_files_max', + 'global_limits_post_files_size_max', 'global_limits_banner_files_width', 'global_limits_banner_files_height', 'global_limits_banner_files_max', 
'global_limits_banner_files_total', 'global_alimits_banner_files_total', 'global_limits_banner_files_size_max', 'global_limits_field_length_name', 'global_limits_field_length_email', 'global_limits_field_length_subject', 'global_limits_field_length_postpassword', 'global_limits_field_length_message', 'global_limits_field_length_report_reason', 'global_limits_field_length_ban_reason', 'global_limits_field_length_log_message', 'global_limits_field_length_uri', 'global_limits_field_length_boardname', @@ -123,7 +124,12 @@ module.exports = (req, res, next) => { } req.body[field] = duration; } else { - req.body[field] = null; + const num = parseInt(req.body[field]); + if (Number.isSafeInteger(num)) { + req.body[field] = num; + } else { + req.body[field] = null; + } } } } diff --git a/helpers/schema.js b/helpers/schema.js index a5f85a19..39ce3f78 100644 --- a/helpers/schema.js +++ b/helpers/schema.js @@ -30,7 +30,7 @@ module.exports = { //checks if data is a number and within a range numberBody: (data, min=0, max=Infinity) => { - return typeof data === 'number' && (data < min || data > max); + return typeof data === 'number' && (min <= data && max >= data); }, //same, but with old/new fallbacks for settings that can adjust a dependency at same time @@ -43,7 +43,7 @@ module.exports = { } const varMin = Math.min(minOld, minNew) || minOld; const varMax = Math.max(maxOld, maxNew) || maxOld; - return typeof data === 'number' && (data < varMin || data > varMax); + return typeof data === 'number' && (varMin <= data && varMax >= data); }, //check 2 number values, that one is less than the other, usually for setings with a min and max that they dont violate eachother diff --git a/helpers/setting.js b/helpers/setting.js index 5b08b945..6cfb4d55 100644 --- a/helpers/setting.js +++ b/helpers/setting.js 
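Review bot: The added `numberFields` lines in the first helpers/paramconverter.js hunk carry two entries that look like leftovers: an empty string `''` after `'captcha_options_grid_icon_y_offset'`, and the misspelled `'global_alimits_banner_files_total'` directly after the correctly spelled name. Both should be removed so the list names only the inputs that are meant to be coerced to numbers; an allow-list that drives type coercion of request fields is easier to audit when every entry maps to a real form field. The array starts and ends outside the hunk.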
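Review bot: `parseInt(req.body[field])` in the new else branch accepts any value that merely starts with an integer, so a string like `'10abc'` becomes 10 and an array value such as `['5', 'x']` becomes 5, and `Number.isSafeInteger` then passes it on as a valid number. Parsing strictly keeps malformed input at `null` so the later `numberBody` checks reject it: `const raw = req.body[field];` followed by `const num = typeof raw === 'string' && /^-?\d+$/.test(raw) ? Number.parseInt(raw, 10) : NaN;`. The explicit radix also removes any dependence on prefix handling. The enclosing loop and the condition this else belongs to start outside the hunk.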
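Review bot: `numberBody` and `numberBodyVariable` (the second helpers/schema.js hunk) now return true for a valid value where they previously returned true for an invalid one, so any caller that still pairs them with `expected: false` silently inverts: in-range numbers are rejected and out-of-range or non-numeric input is accepted. Only controllers/forms/globalsettings.js is updated in this commit; other call sites are not visible here and need checking before this lands. The comment above each helper should state the new contract, e.g. `//returns true only when data is a number within [min, max]`. Separately, in `numberBodyVariable` the unchanged `Math.min(minOld, minNew) || minOld` fallback treats a legitimate minimum of 0 as missing and uses `minOld` instead.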
@@ -2,7 +2,7 @@ module.exports = { trimSetting: (setting, oldSetting) => { - return setting && setting.trim().length > 0 ? setting : oldSetting; + return setting != null ? setting.trim() : oldSetting; }, numberSetting: (setting, oldSetting) => { return typeof setting === 'number' && setting !== oldSetting ? setting : oldSetting; diff --git a/models/forms/changeglobalsettings.js b/models/forms/changeglobalsettings.js index 3b15dfab..0efc25b4 100644 --- a/models/forms/changeglobalsettings.js +++ b/models/forms/changeglobalsettings.js @@ -40,11 +40,11 @@ module.exports = async (req, res, next) => { }, captchaOptions: { type: trimSetting(req.body.captcha_options_type, oldSettings.captchaOptions.type), - generateLimit: trimSetting(req.body.captcha_options_generate_limit, oldSettings.captchaOptions.generateLimit), + generateLimit: numberSetting(req.body.captcha_options_generate_limit, oldSettings.captchaOptions.generateLimit), grid: { - size: trimSetting(req.body.captcha_options_grid_size, oldSettings.captchaOptions.grid.size), - imageSize: trimSetting(req.body.captcha_options_grid_image_size, oldSettings.captchaOptions.grid.imageSize), - iconYOffset: trimSetting(req.body.captcha_options_grid_icon_y_offset, oldSettings.captchaOptions.grid.iconYOffset), + size: numberSetting(req.body.captcha_options_grid_size, oldSettings.captchaOptions.grid.size), + imageSize: numberSetting(req.body.captcha_options_grid_image_size, oldSettings.captchaOptions.grid.imageSize), + iconYOffset: numberSetting(req.body.captcha_options_grid_icon_y_offset, oldSettings.captchaOptions.grid.iconYOffset), }, numDistorts: { min: numberSetting(req.body.captcha_options_num_distorts_min, oldSettings.captchaOptions.numDistorts.min), diff --git a/views/pages/globalmanagesettings.pug b/views/pages/globalmanagesettings.pug index 06482294..a0a496a9 100644 --- a/views/pages/globalmanagesettings.pug +++ b/views/pages/globalmanagesettings.pug 
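Review bot: `trimSetting` now calls `setting.trim()` on anything that is not null or undefined, so a non-string body value throws a TypeError instead of falling back to `oldSetting`. Examples are a boolean, a number, or an array if the body parser yields one for a repeated field. The previous truthiness guard at least skipped `false` and `0`. A type check keeps the new ability to clear a field with an empty string and fails safe on unexpected shapes: `return typeof setting === 'string' ? setting.trim() : oldSetting;`.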
@@ -196,10 +196,10 @@ block content input(type='checkbox', name='block_bypass_bypass_dnsbl', value='true' checked=settings.blockBypass.bypassDnsbl) .row .label Expire After Uses - input(type='number' name='captcha_options_expire_after_uses' value=settings.blockBypass.expireAfterUses) + input(type='number' name='block_bypass_expire_after_uses' value=settings.blockBypass.expireAfterUses) .row .label Expire After Time - input(type='number' name='captcha_options_expire_after_time' value=settings.blockBypass.expireAfterTime) + input(type='number' name='block_bypass_expire_after_time' value=settings.blockBypass.expireAfterTime) .row h4.mv-5 Antispam @@ -332,7 +332,7 @@ block content input(type='number', name='global_limits_field_length_ban_reason' value=settings.globalLimits.fieldLength.ban_reason) .row .label Log Messages - input(type='number', name='global_limits_field_length_log_mesage' value=settings.globalLimits.fieldLength.log_message) + input(type='number', name='global_limits_field_length_log_message' value=settings.globalLimits.fieldLength.log_message) .row .label Boar URI input(type='number', name='global_limits_field_length_uri' value=settings.globalLimits.fieldLength.uri) @@ -718,7 +718,7 @@ block content option(value='2', selected=settings.boardDefaults.filterMode === 2) Ban .row .label Filter Auto Ban Duration - input(type='text' name='board_defaults_ban_duration' placeholder='e.g. 1w' value=settings.boardDefaults.filterBanDuration) + input(type='text' name='board_defaults_filter_ban_duration' placeholder='e.g. 1w' value=settings.boardDefaults.filterBanDuration) .row .label Allow Video Files label.postform-style.ph-5