message: sanitize replies too

master
justcool393 2022-10-20 18:24:03 -05:00
parent 52b8a22917
commit c0fe4d03c0
1 changed files with 1 additions and 3 deletions


@ -582,9 +582,7 @@ def message2(v, username):
@limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required @auth_required
def messagereply(v): def messagereply(v):
body = request.values.get("body", "").strip().replace('','') body = sanitize_raw_body(request.values.get("body"), False)
body = body.replace('\r\n', '\n')[:COMMENT_BODY_LENGTH_LIMIT]
if not body and not request.files.get("file"): abort(400, "Message is empty!") if not body and not request.files.get("file"): abort(400, "Message is empty!")
if 'linkedin.com' in body: abort(403, "This domain 'linkedin.com' is banned") if 'linkedin.com' in body: abort(403, "This domain 'linkedin.com' is banned")
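Review bot: The new `sanitize_raw_body(request.values.get("body"), False)` call in messagereply drops both the `""` default and the explicit `[:COMMENT_BODY_LENGTH_LIMIT]` cut that the removed lines applied. A reply that carries only a file (allowed by the `request.files.get("file")` check below) now passes `None` into the helper, and the length cap holds only if the helper enforces it. The helper is not visible in this hunk, so unless it already handles `None` and truncates, keep the default with `request.values.get("body", "")` and confirm which limit the positional `False` selects. A short comment at the call site stating what `False` means and that the helper applies the length limit would make the cap auditable here. The body of messagereply continues past the hunk.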