From 9f73e7bb344f3a5f2c93952aa5b8cddebe6f3298 Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Sun, 1 Jan 2023 02:38:41 +0200
Subject: [PATCH] do length checks in badge_grant

---
 files/helpers/useractions.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/files/helpers/useractions.py b/files/helpers/useractions.py
index 3c3afdffe..58707f320 100644
--- a/files/helpers/useractions.py
+++ b/files/helpers/useractions.py
@@ -8,6 +8,12 @@ def badge_grant(user, badge_id, description=None, url=None, notify=True):
 	if user.has_badge(badge_id):
 		return
 
+	if len(description) > 256:
+		abort(400, "Custom description is too long, max 256 characters!")
+
+	if len(url) > 256:
+		abort(400, "URL is too long, max 256 characters!")
+
 	badge = Badge(
 		badge_id=int(badge_id),
 		user_id=user.id,