Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bugfix] Use []rune to check length of user-submitted text #948

Merged
merged 1 commit into from
Nov 3, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions internal/api/client/app/appcreate.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,26 +92,26 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) {
return
}

if len(form.ClientName) > formFieldLen {
err := fmt.Errorf("client_name must be less than %d bytes", formFieldLen)
if len([]rune(form.ClientName)) > formFieldLen {
err := fmt.Errorf("client_name must be less than %d characters", formFieldLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}

if len(form.RedirectURIs) > formRedirectLen {
err := fmt.Errorf("redirect_uris must be less than %d bytes", formRedirectLen)
if len([]rune(form.RedirectURIs)) > formRedirectLen {
err := fmt.Errorf("redirect_uris must be less than %d characters", formRedirectLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}

if len(form.Scopes) > formFieldLen {
err := fmt.Errorf("scopes must be less than %d bytes", formFieldLen)
if len([]rune(form.Scopes)) > formFieldLen {
err := fmt.Errorf("scopes must be less than %d characters", formFieldLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}

if len(form.Website) > formFieldLen {
err := fmt.Errorf("website must be less than %d bytes", formFieldLen)
if len([]rune(form.Website)) > formFieldLen {
err := fmt.Errorf("website must be less than %d characters", formFieldLen)
api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
return
}
Expand Down
4 changes: 2 additions & 2 deletions internal/api/client/media/mediacreate.go
Original file line number Diff line number Diff line change
Expand Up @@ -163,8 +163,8 @@ func validateCreateMedia(form *model.AttachmentRequest) error {
return fmt.Errorf("file size limit exceeded: limit is %d bytes but attachment was %d bytes", maxSize, form.File.Size)
}

if len(form.Description) > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(form.Description))
if length := len([]rune(form.Description)); length > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
}

return nil
Expand Down
4 changes: 2 additions & 2 deletions internal/api/client/media/mediaupdate.go
Original file line number Diff line number Diff line change
Expand Up @@ -142,8 +142,8 @@ func validateUpdateMedia(form *model.AttachmentUpdateRequest) error {
maxDescriptionChars := config.GetMediaDescriptionMaxChars()

if form.Description != nil {
if len(*form.Description) < minDescriptionChars || len(*form.Description) > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(*form.Description))
if length := len([]rune(*form.Description)); length < minDescriptionChars || length > maxDescriptionChars {
return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
}
}

Expand Down
12 changes: 6 additions & 6 deletions internal/api/client/status/statuscreate.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,8 +124,8 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
maxCwChars := config.GetStatusesCWMaxChars()

if form.Status != "" {
if len(form.Status) > maxChars {
return fmt.Errorf("status too long, %d characters provided but limit is %d", len(form.Status), maxChars)
if length := len([]rune(form.Status)); length > maxChars {
return fmt.Errorf("status too long, %d characters provided but limit is %d", length, maxChars)
}
}

Expand All @@ -141,15 +141,15 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
}
for _, p := range form.Poll.Options {
if len(p) > maxPollChars {
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", len(p), maxPollChars)
if length := len([]rune(p)); length > maxPollChars {
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", length, maxPollChars)
}
}
}

if form.SpoilerText != "" {
if len(form.SpoilerText) > maxCwChars {
return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", len(form.SpoilerText), maxCwChars)
if length := len([]rune(form.SpoilerText)); length > maxCwChars {
return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", length, maxCwChars)
}
}

Expand Down
30 changes: 16 additions & 14 deletions internal/validate/formvalidation.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ func NewPassword(password string) error {
return errors.New("no password provided")
}

if len(password) > maximumPasswordLength {
if len([]rune(password)) > maximumPasswordLength {
return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
}

Expand Down Expand Up @@ -113,12 +113,14 @@ func SignUpReason(reason string, reasonRequired bool) error {
return errors.New("no reason provided")
}

if len(reason) < minimumReasonLength {
return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, len(reason))
length := len([]rune(reason))

if length < minimumReasonLength {
return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, length)
}

if len(reason) > maximumReasonLength {
return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, len(reason))
if length > maximumReasonLength {
return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, length)
}
return nil
}
Expand Down Expand Up @@ -164,7 +166,7 @@ func CustomCSS(customCSS string) error {
return errors.New("accounts-allow-custom-css is not enabled for this instance")
}

if length := len(customCSS); length > maximumCustomCSSLength {
if length := len([]rune(customCSS)); length > maximumCustomCSSLength {
return fmt.Errorf("custom_css must be less than %d characters, but submitted custom_css was %d characters", maximumCustomCSSLength, length)
}
return nil
Expand All @@ -182,35 +184,35 @@ func EmojiShortcode(shortcode string) error {

// SiteTitle ensures that the given site title is within spec.
func SiteTitle(siteTitle string) error {
if len(siteTitle) > maximumSiteTitleLength {
return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, len(siteTitle))
if length := len([]rune(siteTitle)); length > maximumSiteTitleLength {
return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, length)
}

return nil
}

// SiteShortDescription ensures that the given site short description is within spec.
func SiteShortDescription(d string) error {
if len(d) > maximumShortDescriptionLength {
return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, len(d))
if length := len([]rune(d)); length > maximumShortDescriptionLength {
return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, length)
}

return nil
}

// SiteDescription ensures that the given site description is within spec.
func SiteDescription(d string) error {
if len(d) > maximumDescriptionLength {
return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, len(d))
if length := len([]rune(d)); length > maximumDescriptionLength {
return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, length)
}

return nil
}

// SiteTerms ensures that the given site terms string is within spec.
func SiteTerms(t string) error {
if len(t) > maximumSiteTermsLength {
return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, len(t))
if length := len([]rune(t)); length > maximumSiteTermsLength {
return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, length)
}

return nil
Expand Down
6 changes: 6 additions & 0 deletions internal/validate/formvalidation_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,7 @@ func (suite *ValidationTestSuite) TestValidateReason() {
badReason := "because"
goodReason := "to smash the state and destroy capitalism ultimately and completely"
tooLong := "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris auctor mollis viverra. Maecenas maximus mollis sem, nec fermentum velit consectetur non. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Quisque a enim nibh. Vestibulum bibendum leo ac porttitor auctor. Curabitur velit tellus, facilisis vitae lorem a, ullamcorper efficitur leo. Sed a auctor tortor. Sed ut finibus ante, sit amet laoreet sapien. Donec ullamcorper tellus a nibh sodales vulputate. Donec id dolor eu odio mollis bibendum. Pellentesque habitant morbi tristique senectus et netus at."
unicode := "⎾⎿⏀⏁⏂⏃⏄⏅⏆⏇"
var err error

// check with no reason required
Expand All @@ -256,6 +257,11 @@ func (suite *ValidationTestSuite) TestValidateReason() {
assert.Equal(suite.T(), nil, err)
}

err = validate.SignUpReason(unicode, false)
if assert.NoError(suite.T(), err) {
assert.Equal(suite.T(), nil, err)
}

// check with reason required
err = validate.SignUpReason(empty, true)
if assert.Error(suite.T(), err) {
Expand Down