patch message length check for CRLF vs just LF, because browsers don't count CRLF as 2 characters like the server does (and like it technically is). this will happen for other fields too, but message is the only one that really matters. close #269

merge-requests/208/head
Thomas Lynch 4 years ago
parent ecb9550693
commit 7a3943c447
  1. 4
      controllers/forms/addnews.js
  2. 4
      controllers/forms/appeal.js
  3. 2
      controllers/forms/editpost.js
  4. 14
      controllers/forms/makepost.js
  5. 5
      helpers/paramconverter.js

@ -7,10 +7,10 @@ module.exports = async (req, res, next) => {
const errors = [];
if (!req.body.message || req.body.message.length === 0) {
if (!req.body.message || res.locals.messageLength === 0) {
errors.push('Missing message');
}
if (req.body.message.length > 10000) {
if (res.locals.messageLength > 10000) {
errors.push('Message must be 10000 characters or less');
}
if (!req.body.title || req.body.title.length === 0) {

@ -11,10 +11,10 @@ module.exports = async (req, res, next) => {
if (!req.body.checkedbans || req.body.checkedbans.length === 0 || req.body.checkedbans.length > 10) {
errors.push('Must select 1-10 bans');
}
if (!req.body.message || req.body.message.length === 0) {
if (!req.body.message || res.locals.messageLength === 0) {
errors.push('Appeals must include a message');
}
if (req.body.message.length > globalLimits.fieldLength.message) {
if (res.locals.messageLength > globalLimits.fieldLength.message) {
errors.push('Appeal message must be 2000 characters or less');
}
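Review bot: The error text on the length check hard-codes `2000` while the condition compares against `globalLimits.fieldLength.message`, so the text shown to the user goes stale as soon as the configured limit differs. Build the string with a template literal around `${globalLimits.fieldLength.message}`, as the editpost.js check in this same commit already does. The line is unchanged context here, and the handler starts and ends outside the hunk.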

@ -14,7 +14,7 @@ module.exports = async (req, res, next) => {
errors.push('Missing board and postId form data');
}
// message, subject, email, name, limited length
if (req.body.message && req.body.message.length > globalLimits.fieldLength.message) {
if (req.body.message && res.locals.messageLength > globalLimits.fieldLength.message) {
errors.push(`Message must be ${globalLimits.fieldLength.message} characters or less`);
}
if (req.body.name && req.body.name.length > globalLimits.fieldLength.name) {

@ -11,7 +11,7 @@ module.exports = async (req, res, next) => {
const errors = [];
// even if force file and message are off, the post must contain one of either.
if ((!req.body.message || req.body.message.length === 0) && res.locals.numFiles === 0) {
if ((!req.body.message || res.locals.messageLength === 0) && res.locals.numFiles === 0) {
errors.push('Posts must include a message or file');
}
if (res.locals.tor
@ -35,7 +35,7 @@ module.exports = async (req, res, next) => {
errors.push('Posts must include a file');
}
}
if (!req.body.message || req.body.message.length === 0) {
if (!req.body.message || res.locals.messageLength === 0) {
if (!req.body.thread && res.locals.board.settings.forceThreadMessage) {
errors.push('Threads must include a message');
} else if (req.body.therad && res.locals.board.settings.forceReplyMessage) {
@ -43,19 +43,19 @@ module.exports = async (req, res, next) => {
}
}
if (req.body.message) {
if (req.body.message.length > globalLimits.fieldLength.message) {
if (res.locals.messageLength > globalLimits.fieldLength.message) {
errors.push(`Message must be ${globalLimits.fieldLength.message} characters or less`);
} else if (!req.body.thread
&& res.locals.board.settings.maxThreadMessageLength
&& req.body.message.length > res.locals.board.settings.maxThreadMessageLength) {
&& res.locals.messageLength > res.locals.board.settings.maxThreadMessageLength) {
errors.push(`Thread messages must be ${res.locals.board.settings.maxThreadLength} characters or less`);
} else if (req.body.thread
&& res.locals.board.settings.maxReplyMessageLength
&& req.body.message.length > res.locals.board.settings.maxReplyMessageLength) {
&& res.locals.messageLength > res.locals.board.settings.maxReplyMessageLength) {
errors.push(`Reply messages must be ${res.locals.board.settings.maxReplyMessageLength} characters or less`);
} else if (!req.body.thread && req.body.message.length < res.locals.board.settings.minThreadMessageLength) {
} else if (!req.body.thread && res.locals.messageLength < res.locals.board.settings.minThreadMessageLength) {
errors.push(`Thread messages must be at least ${res.locals.board.settings.minThreadMessageLength} characters long`);
} else if (req.body.thread && req.body.message.length < res.locals.board.settings.minReplyMessageLength) {
} else if (req.body.thread && res.locals.messageLength < res.locals.board.settings.minReplyMessageLength) {
errors.push(`Reply messages must be at least ${res.locals.board.settings.minReplyMessageLength} characters long`);
}
}
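Review bot: In the second hunk the reply branch tests `req.body.therad`, which presumably is never set by the form, so `forceReplyMessage` is not enforced and a reply with an empty message passes this validator; the condition should read `req.body.thread && res.locals.board.settings.forceReplyMessage`. In the third hunk the thread-length error interpolates `settings.maxThreadLength` while the condition checks `settings.maxThreadMessageLength`, so the text likely prints `undefined`; interpolate `maxThreadMessageLength` instead. Both lines are unchanged context in this commit, and the handler starts and ends outside the hunks.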

@ -39,6 +39,11 @@ module.exports = (req, res, next) => {
}
}
//proper length check for CRLF vs just LF, because browsers dont count CRLF as 2 characters like the server does (and like it technically is)
if (req.body.message) {
res.locals.messageLength = req.body.message.replace(/\r\n/igm, '\n').length;
}
for (let i = 0; i < numberFields.length; i++) {
const field = numberFields[i];
if (req.body[field]) {
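Review bot: `res.locals.messageLength` is measured on a normalised copy while `req.body.message` keeps its CRLF pairs, so the validators check one string and the rest of the pipeline receives another; a message made mostly of line breaks passes the limit at up to about twice the checked length. Unless line endings are rewritten later (not visible in this hunk), normalise the field once and measure that: `req.body.message = req.body.message.replace(/\r\n/g, '\n');` then `res.locals.messageLength = req.body.message.length;`. The call also assumes a string; if the body parser can produce an array or object for a repeated `message` field, `.replace` throws here, so a `typeof req.body.message === 'string'` guard is worth adding unless earlier code already enforces it. The `i` and `m` flags have no effect on `/\r\n/`, and the middleware starts and ends outside the hunk.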
