|
|
|
@ -15,7 +15,8 @@ const { Posts, Modlogs, Filters } = require(__dirname+'/../../db/') |
|
|
|
|
, buildQueue = require(__dirname+'/../../lib/build/queue.js') |
|
|
|
|
, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js') |
|
|
|
|
, Socketio = require(__dirname+'/../../lib/misc/socketio.js') |
|
|
|
|
, { buildThread } = require(__dirname+'/../../lib/build/tasks.js'); |
|
|
|
|
, { buildThread } = require(__dirname+'/../../lib/build/tasks.js') |
|
|
|
|
, FIELDS_TO_REPLACE = ['email', 'subject', 'message']; |
|
|
|
|
|
|
|
|
|
module.exports = async (req, res) => { |
|
|
|
|
|
|
|
|
@ -31,6 +32,7 @@ todo: handle some more situations |
|
|
|
|
|
|
|
|
|
//filters
|
|
|
|
|
if (!res.locals.permissions.get(Permissions.BYPASS_FILTERS)) { |
|
|
|
|
|
|
|
|
|
//only global filters are checked, because anybody who could edit bypasses board filters
|
|
|
|
|
const globalFilters = await Filters.findForBoard(null); |
|
|
|
|
|
|
|
|
@ -47,8 +49,7 @@ todo: handle some more situations |
|
|
|
|
await filterActions(req, res, true, o.h, o.f, null); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const fields = ['name','email','subject','message']; |
|
|
|
|
for (const field of fields) { |
|
|
|
|
for (const field of FIELDS_TO_REPLACE) { |
|
|
|
|
//check filters haven't pushed a field past its limit
|
|
|
|
|
if (req.body[field] && (req.body[field].length > globalLimits.fieldLength[field])) { |
|
|
|
|
return dynamicResponse(req, res, 400, 'message', { |
|
|
|
|