From e1c0fd615c9232a0e3452f0475e401826103748f Mon Sep 17 00:00:00 2001 From: fatchan Date: Thu, 13 Jun 2019 11:09:18 +0000 Subject: [PATCH] correct force op subject checking for threads --- controllers/forms.js | 37 ++++++++++++++++++++--------------- models/forms/makepost.js | 10 +++++----- models/forms/uploadbanners.js | 6 +++--- 3 files changed, 29 insertions(+), 24 deletions(-) diff --git a/controllers/forms.js b/controllers/forms.js index 628cfb98..2944a4f5 100644 --- a/controllers/forms.js +++ b/controllers/forms.js @@ -181,28 +181,35 @@ router.post('/register', verifyCaptcha, (req, res, next) => { // make new post router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConverter, verifyCaptcha, async (req, res, next) => { - let numFiles = 0; if (req.files && req.files.file) { if (Array.isArray(req.files.file)) { - numFiles = req.files.file.filter(file => file.size > 0).length; + res.locals.numFiles = req.files.file.filter(file => file.size > 0).length; } else { - numFiles = req.files.file.size > 0 ? 1 : 0; + res.locals.numFiles = req.files.file.size > 0 ? 1 : 0; req.files.file = [req.files.file]; } - numFiles = Math.min(numFiles, res.locals.board.settings.maxFiles) + res.locals.numFiles = Math.min(res.locals.numFiles, res.locals.board.settings.maxFiles) } const errors = []; - if (!req.body.message && numFiles === 0) { + // even if force file and message are off, the psot must contain one of either. + if (!req.body.message && res.locals.numFiles === 0) { errors.push('Must provide a message or file'); } - if (!req.body.thread && (res.locals.board.settings.forceOPFile && res.locals.board.settings.maxFiles !== 0) && numFiles === 0) { + + // ensure OP has file, subject and message acording to board settings + if (!req.body.thread && res.locals.board.settings.forceOPSubject && (!req.body.subject || req.body.subject.length === 0)) { + errors.push('Threads must include a subject'); + } + if (!req.body.thread && (res.locals.board.settings.forceOPFile && res.locals.board.settings.maxFiles !== 0) && res.locals.numFiles === 0) { errors.push('Threads must include a file'); } if (!req.body.thread && res.locals.board.settings.forceOPMessage && (!req.body.message || req.body.message.length === 0)) { errors.push('Threads must include a message'); } + + // make sure, min message length <= message length < max length (4k) if (req.body.message) { if (req.body.message.length > 4000) { errors.push('Message must be 4000 characters or less'); @@ -210,12 +217,11 @@ router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConve errors.push(`Message must be at least ${res.locals.board.settings.minMessageLength} characters long`); } } + + // subject, email, name, password limited length if (req.body.name && req.body.name.length > 50) { errors.push('Name must be 50 characters or less'); } - if (res.locals.board.settings.forceOPSubject && (!req.body.subject || req.body.subject.length === 0)) { - errors.push('Threads must include a subject'); - } if (req.body.subject && req.body.subject.length > 50) { errors.push('Subject must be 50 characters or less'); } @@ -236,7 +242,7 @@ router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConve } try { - await makePost(req, res, next, numFiles); + await makePost(req, res, next); } catch (err) { await deleteTempFiles(req).catch(e => console.error); return next(err); @@ -284,22 +290,21 @@ router.post('/board/:board/settings', csrf, Boards.exists, checkPermsMiddleware, //upload banners router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, checkPermsMiddleware, paramConverter, async (req, res, next) => { - let numFiles = 0; if (req.files && req.files.file) { if (Array.isArray(req.files.file)) { - numFiles = req.files.file.filter(file => file.size > 0).length; + res.locals.numFiles = req.files.file.filter(file => file.size > 0).length; } else { - numFiles = req.files.file.size > 0 ? 1 : 0; + res.locals.numFiles = req.files.file.size > 0 ? 1 : 0; req.files.file = [req.files.file]; } } const errors = []; - if (numFiles === 0) { + if (res.locals.numFiles === 0) { errors.push('Must provide a file'); } - if (res.locals.board.banners.length+numFiles > 100) { + if (res.locals.board.banners.length+res.locals.numFiles > 100) { errors.push('Number of uploads would exceed 100 banner limit'); } @@ -313,7 +318,7 @@ router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, checkP } try { - await uploadBanners(req, res, next, numFiles); + await uploadBanners(req, res, next); } catch (err) { await deleteTempFiles(req).catch(e => console.error); return next(err); diff --git a/models/forms/makepost.js b/models/forms/makepost.js index 22deed62..c4ec4a43 100644 --- a/models/forms/makepost.js +++ b/models/forms/makepost.js @@ -31,7 +31,7 @@ const path = require('path') , deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js') , { buildCatalog, buildThread, buildBoard, buildBoardMultiple } = require(__dirname+'/../../build.js'); -module.exports = async (req, res, next, numFiles) => { +module.exports = async (req, res, next) => { // check if this is responding to an existing thread let redirect = `/${req.params.board}/` @@ -68,7 +68,7 @@ module.exports = async (req, res, next, numFiles) => { }); } } - if (numFiles > res.locals.board.settings.maxFiles) { + if (res.locals.numFiles > res.locals.board.settings.maxFiles) { await deleteTempFiles(req).catch(e => console.error); return res.status(400).render('message', { 'title': 'Bad request', @@ -78,9 +78,9 @@ module.exports = async (req, res, next, numFiles) => { } let files = []; // if we got a file - if (numFiles > 0) { + if (res.locals.numFiles > 0) { // check all mime types befoer we try saving anything - for (let i = 0; i < numFiles; i++) { + for (let i = 0; i < res.locals.numFiles; i++) { if (!fileCheckMimeType(req.files.file[i].mimetype, {animatedImage: true, image: true, video: true})) { await deleteTempFiles(req).catch(e => console.error); return res.status(400).render('message', { @@ -91,7 +91,7 @@ module.exports = async (req, res, next, numFiles) => { } } // then upload, thumb, get metadata, etc. - for (let i = 0; i < numFiles; i++) { + for (let i = 0; i < res.locals.numFiles; i++) { const file = req.files.file[i]; const filename = file.sha256 + path.extname(file.name); file.filename = filename; //for error to delete failed files diff --git a/models/forms/uploadbanners.js b/models/forms/uploadbanners.js index ab971e6a..d303c5f9 100644 --- a/models/forms/uploadbanners.js +++ b/models/forms/uploadbanners.js @@ -9,12 +9,12 @@ const path = require('path') , deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js') , Boards = require(__dirname+'/../../db/boards.js') -module.exports = async (req, res, next, numFiles) => { +module.exports = async (req, res, next) => { const redirect = `/${req.params.board}/manage.html` // check all mime types befoer we try saving anything - for (let i = 0; i < numFiles; i++) { + for (let i = 0; i < res.locals.numFiles; i++) { if (!fileCheckMimeType(req.files.file[i].mimetype, {image: true, animatedImage: true, video: false})) { await deleteTempFiles(req).catch(e => console.error); return res.status(400).render('message', { @@ -26,7 +26,7 @@ module.exports = async (req, res, next, numFiles) => { } const filenames = []; - for (let i = 0; i < numFiles; i++) { + for (let i = 0; i < res.locals.numFiles; i++) { const file = req.files.file[i]; const filename = file.sha256 + path.extname(file.name); file.filename = filename;