Chat: always enforce length limits from config
コミット
e147aa0d22
|
@ -62,14 +62,21 @@ def add_chat_message(user, nonce, comment, ignore_empty=False):
|
|||
raise Rejected('Message was empty')
|
||||
if len(comment.strip()) == 0:
|
||||
raise Rejected('Message was practically empty')
|
||||
if len(comment) > 512:
|
||||
raise Rejected('Message exceeded 512 chars')
|
||||
if comment.count('\n') + 1 > 12:
|
||||
raise Rejected('Message exceeded 12 lines')
|
||||
if len(comment) > CONFIG['CHAT_COMMENT_MAX_LENGTH']:
|
||||
raise Rejected(
|
||||
f'Message exceeded {CONFIG["CHAT_COMMENT_MAX_LENGTH"]} chars'
|
||||
)
|
||||
|
||||
if comment.count('\n') + 1 > CONFIG['CHAT_COMMENT_MAX_LINES']:
|
||||
raise Rejected(
|
||||
f'Message exceeded {CONFIG["CHAT_COMMENT_MAX_LINES"]} lines'
|
||||
)
|
||||
linespan = get_approx_linespan(comment)
|
||||
if linespan > 12:
|
||||
raise Rejected('Message would span too many lines')
|
||||
if linespan > CONFIG['CHAT_COMMENT_MAX_LINES']:
|
||||
raise Rejected(
|
||||
f'Message would span {CONFIG["CHAT_COMMENT_MAX_LINES"]} '
|
||||
f'or more lines'
|
||||
)
|
||||
|
||||
# Record linespan
|
||||
linespan_tuple = (timestamp, linespan)
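Review bot: The rejection text for the approximate line span says "would span N or more lines", but the condition is `linespan > CONFIG['CHAT_COMMENT_MAX_LINES']`, so a message spanning exactly N lines is accepted and the text misstates the limit by one. `f'Message would span more than {CONFIG["CHAT_COMMENT_MAX_LINES"]} lines'` matches the check and reads consistently with the two "exceeded" messages above it. add_chat_message starts before and continues after this hunk.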
|
||||
|
|
|
@ -117,9 +117,11 @@ def toml_to_flask_section_chat(config):
|
|||
cfg = config['chat']
|
||||
return {
|
||||
'CHAT_COMMENT_MAX_LENGTH': cfg['max_comment_length'],
|
||||
'CHAT_COMMENT_MAX_LINES': cfg['max_comment_lines'],
|
||||
'CHAT_NAME_MAX_LENGTH': cfg['max_name_length'],
|
||||
'CHAT_NAME_MIN_CONTRAST': cfg['min_name_contrast'],
|
||||
'CHAT_BACKGROUND_COLOUR': color_to_colour(cfg['background_color']),
|
||||
'CHAT_TRIPCODE_PASSWORD_MAX_LENGTH': cfg['max_tripcode_password_length'],
|
||||
'CHAT_LEGACY_TRIPCODE_ALGORITHM': cfg['legacy_tripcode_algorithm'],
|
||||
}
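Review bot: The limit values are copied from the `[chat]` table with no type or range check, so a quoted value such as `max_comment_length = "512"` would load cleanly and then make `len(comment) > CONFIG['CHAT_COMMENT_MAX_LENGTH']` raise TypeError on every submitted message, and a zero or negative number would reject everything. Now that the server-side checks compare against these values, it is worth failing at load time with a guard like `if isinstance(v, bool) or not isinstance(v, int) or v <= 0: raise ValueError(f'chat.{key} must be a positive integer')` for each of the four `max_*` keys. A config file written before this commit will also hit a bare KeyError here, so an error naming the missing key would help operators who are upgrading.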
|
||||
|
||||
|
|
|
@ -92,6 +92,9 @@ async def nojs_chat_form(user):
|
|||
nonce=generate_nonce(),
|
||||
digest=get_random_captcha_digest_for(user),
|
||||
default_name=get_default_name(user),
|
||||
max_comment_length=CONFIG['CHAT_COMMENT_MAX_LENGTH'],
|
||||
max_name_length=CONFIG['CHAT_NAME_MAX_LENGTH'],
|
||||
max_password_length=CONFIG['CHAT_TRIPCODE_PASSWORD_MAX_LENGTH'],
|
||||
)
|
||||
|
||||
@current_app.post('/chat/form')
|
||||
|
|
|
@ -33,7 +33,7 @@ const jsmarkup_chat_users = `\
|
|||
const jsmarkup_chat_form = `\
|
||||
<form id="chat-form_js" data-js="true" action="/chat" method="post">
|
||||
<input id="chat-form_js__nonce" type="hidden" name="nonce" value="">
|
||||
<textarea id="chat-form_js__comment" name="comment" maxlength="512" required placeholder="Send a message..." rows="1" autofocus></textarea>
|
||||
<textarea id="chat-form_js__comment" name="comment" required placeholder="Send a message..." rows="1" autofocus></textarea>
|
||||
<div id="chat-live">
|
||||
<span id="chat-live__ball"></span>
|
||||
<span id="chat-live__status">
|
||||
|
@ -55,10 +55,10 @@ const jsmarkup_chat_form = `\
|
|||
</form>
|
||||
<form id="appearance-form_js" data-hidden="">
|
||||
<span id="appearance-form_js__label-name">Name:</span>
|
||||
<input id="appearance-form_js__name" name="name" maxlength="24">
|
||||
<input id="appearance-form_js__name" name="name">
|
||||
<input id="appearance-form_js__color" type="color" name="color">
|
||||
<span id="appearance-form_js__label-tripcode">Tripcode:</span>
|
||||
<input id="appearance-form_js__password" type="password" name="password" placeholder="(tripcode password)" maxlength="1024">
|
||||
<input id="appearance-form_js__password" type="password" name="password" placeholder="(tripcode password)">
|
||||
<div id="appearance-form_js__row">
|
||||
<article id="appearance-form_js__row__result"></article>
|
||||
<input id="appearance-form_js__row__submit" type="submit" value="Update">
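Review bot: The `maxlength` attributes are removed from the JS-rendered comment, name and password fields in both hunks of this file rather than replaced, while the no-JS template keeps them with the configured values. The server-side checks remain the authoritative control, so this is not a bypass, but JS users now learn of a limit only from a rejection, and an oversized body reaches the server before `len(comment)` is evaluated; presumably a request-size cap exists elsewhere, which is worth confirming. If the configured limits are available to the script, setting `maxLength` on these elements after the markup is inserted would keep the two forms consistent. The template literals start and end outside these hunks.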
|
||||
|
|
|
@ -220,7 +220,7 @@
|
|||
{% endif %}
|
||||
<form id="chat-form" action="{{ url_for('nojs_submit_message', token=user.token) }}" method="post">
|
||||
<input type="hidden" name="nonce" value="{{ nonce }}">
|
||||
<textarea id="chat-form__comment" name="comment" maxlength="512" {% if digest is none %}required {% endif %} placeholder="Send a message..." rows="1" tabindex="1" autofocus accesskey="m">{{ state.comment }}</textarea>
|
||||
<textarea id="chat-form__comment" name="comment" maxlength="{{ max_comment_length }}" {% if digest is none %}required {% endif %} placeholder="Send a message..." rows="1" tabindex="1" autofocus accesskey="m">{{ state.comment }}</textarea>
|
||||
<input id="chat-form__submit" type="submit" value="Chat" tabindex="4" accesskey="p">
|
||||
<div id="chat-form__exit"><label for="toggle" class="pseudolink">Settings</label></div>
|
||||
{% if digest %}
|
||||
|
@ -231,7 +231,7 @@
|
|||
</form>
|
||||
<form id="appearance-form" action="{{ url_for('nojs_submit_appearance', token=user.token) }}" method="post">
|
||||
<label id="appearance-form__label-name" for="appearance-form__name">Name:</label>
|
||||
<input id="appearance-form__name" name="name" value="{{ user.name or '' }}" placeholder="{{ default_name }}" maxlength="24">
|
||||
<input id="appearance-form__name" name="name" value="{{ user.name or '' }}" placeholder="{{ default_name }}" maxlength="{{ max_name_length }}">
|
||||
<input type="color" name="color" value="{{ user.color }}">
|
||||
<label id="appearance-form__label-password" for="appearance-form__password">Tripcode:</label>
|
||||
<input id="password-toggle" name="set-tripcode" type="checkbox" accesskey="s">
|
||||
|
@ -247,7 +247,7 @@
|
|||
<label id="hide-cleared" for="cleared-toggle" class="pseudolink">undo</label>
|
||||
{% endif %}
|
||||
</div>
|
||||
<input id="appearance-form__password" name="password" type="password" placeholder="(tripcode password)" maxlength="1024">
|
||||
<input id="appearance-form__password" name="password" type="password" placeholder="(tripcode password)" maxlength="{{ max_password_length }}">
|
||||
<div id="hide-password"><label for="password-toggle" class="pseudolink x">×</label></div>
|
||||
<div id="appearance-form__buttons">
|
||||
<div id="appearance-form__buttons__exit"><label for="toggle" class="pseudolink">Return to chat</label></div>
|
||||
|
|
|
@ -93,8 +93,10 @@ def change_name(user, name, dry_run=False):
|
|||
if name is not None:
|
||||
if len(name) == 0:
|
||||
raise BadAppearance('Name was empty')
|
||||
if len(name) > 24:
|
||||
raise BadAppearance('Name exceeded 24 chars')
|
||||
if len(name) > CONFIG['CHAT_NAME_MAX_LENGTH']:
|
||||
raise BadAppearance(
|
||||
f'Name exceeded {CONFIG["CHAT_NAME_MAX_LENGTH"]} chars'
|
||||
)
|
||||
else:
|
||||
user['name'] = name
|
||||
|
||||
|
@ -119,8 +121,11 @@ def change_color(user, color, dry_run=False):
|
|||
|
||||
def change_tripcode(user, password, dry_run=False):
|
||||
if dry_run:
|
||||
if len(password) > 1024:
|
||||
raise BadAppearance('Password exceeded 1024 chars')
|
||||
if len(password) > CONFIG['CHAT_TRIPCODE_PASSWORD_MAX_LENGTH']:
|
||||
raise BadAppearance(
|
||||
f'Password exceeded '
|
||||
f'{CONFIG["CHAT_TRIPCODE_PASSWORD_MAX_LENGTH"]} chars'
|
||||
)
|
||||
else:
|
||||
user['tripcode'] = generate_tripcode(password)
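Review bot: In change_tripcode the configured cap is checked only inside the `if dry_run:` branch, and the `else:` branch passes `password` straight to `generate_tripcode`; change_name appears to have the same shape, though indentation is lost on this page, so confirm against the file. The limit therefore holds only if every caller runs the dry-run pass on the same value before the real call, an invariant that is easy to break when a new call site is added. Moving the length check ahead of the `dry_run` branch so both paths execute it would make the limit unconditional and bound the input handed to the tripcode hash. change_name begins outside the first hunk.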
|
||||
|
||||
|
|
|
@ -53,9 +53,11 @@ anonymous = "Anonymous"
|
|||
|
||||
[chat]
|
||||
max_comment_length = 512
|
||||
max_comment_lines = 12
|
||||
max_name_length = 24
|
||||
min_name_contrast = 3.0
|
||||
background_color = "#232327"
|
||||
max_tripcode_password_length = 1024
|
||||
legacy_tripcode_algorithm = false
|
||||
|
||||
[flood.messages]
|
||||
|
|