From 3f17624de6129d03ded9a44ad4e75297024ada4d Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Sat, 12 Nov 2022 12:27:01 +0200
Subject: [PATCH] validate poll options body_html length
---
 files/routes/comments.py | 16 ++++++++++++----
 files/routes/posts.py | 20 +++++++++++++++-----
 2 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/files/routes/comments.py b/files/routes/comments.py
index 1d58a443f..2bde33c9d 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -242,17 +242,21 @@ def comment(v):
 else: c.top_comment_id = parent.top_comment_id
 for option in options:
+ body_html = filter_emojis_only(option)
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 option = CommentOption(
 comment_id=c.id,
- body_html=filter_emojis_only(option),
+ body_html=body_html,
 exclusive=0
 )
 g.db.add(option)
 for choice in choices:
+ body_html = filter_emojis_only(choice)
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 choice = CommentOption(
 comment_id=c.id,
- body_html=filter_emojis_only(choice),
+ body_html=body_html,
 exclusive=1
 )
 g.db.add(choice)
@@ -387,18 +391,22 @@ def edit_comment(cid, v):
 for i in poll_regex.finditer(body):
 body = body.replace(i.group(0), "")
+ body_html = filter_emojis_only(i.group(1))
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 option = CommentOption(
 comment_id=c.id,
- body_html=filter_emojis_only(i.group(1)),
+ body_html=body_html,
 exclusive = 0
 )
 g.db.add(option)
 for i in choice_regex.finditer(body):
 body = body.replace(i.group(0), "")
+ body_html = filter_emojis_only(i.group(1))
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 option = CommentOption(
 comment_id=c.id,
- body_html=filter_emojis_only(i.group(1)),
+ body_html=body_html,
 exclusive = 1
 )
 g.db.add(option)
diff --git a/files/routes/posts.py b/files/routes/posts.py
index 67ead7497..5983ae01e 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
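Review bot: In `comment()` (files/routes/comments.py) the new `abort(400, "Poll option too long!")` fires inside the option loops, after the comment already has an id (`comment_id=c.id`) and after any earlier options of the same request were passed to `g.db.add`. Whether that pending state is discarded depends on how request teardown treats an aborted request, which is not visible in the hunk, so a rejected poll may leave a comment behind without its options. Rendering and length-checking every option before the comment is created would make the rejection free of side effects, e.g. `rendered = [filter_emojis_only(o) for o in options]` followed by `if any(len(h) > 500 for h in rendered): abort(400, "Poll option too long!")`. The same ordering applies to the `choices` loop, to `edit_comment()`, and to the `edit_post()` and `submit_post()` hunks in files/routes/posts.py, where the check also runs after `execute_blackjack`. All four function bodies start and end outside their hunks.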
@@ -345,18 +345,22 @@ def edit_post(pid, v):
 if body != p.body:
 for i in poll_regex.finditer(body):
 body = body.replace(i.group(0), "")
+ body_html = filter_emojis_only(i.group(1))
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 option = SubmissionOption(
 submission_id=p.id,
- body_html=filter_emojis_only(i.group(1)),
+ body_html=body_html,
 exclusive = 0
 )
 g.db.add(option)
 for i in choice_regex.finditer(body):
 body = body.replace(i.group(0), "")
+ body_html = filter_emojis_only(i.group(1))
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 option = SubmissionOption(
 submission_id=p.id,
- body_html=filter_emojis_only(i.group(1)),
+ body_html=body_html,
 exclusive = 1
 )
 g.db.add(option)
@@ -806,26 +810,32 @@ def submit_post(v, sub=None):
 if not execute_blackjack(v, post, text, 'submission'): break
 for option in options:
+ body_html = filter_emojis_only(option)
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 option = SubmissionOption(
 submission_id=post.id,
- body_html=filter_emojis_only(option),
+ body_html=body_html,
 exclusive=0
 )
 g.db.add(option)
 for choice in choices:
+ body_html = filter_emojis_only(choice)
+ if len(body_html) > 500: abort(400, "Poll option too long!")
 choice = SubmissionOption(
 submission_id=post.id,
- body_html=filter_emojis_only(choice),
+ body_html=body_html,
 exclusive=1
 )
 g.db.add(choice)
 if v and v.admin_level >= PERMS['POST_BETS']:
 for bet in bets:
+ body_html = filter_emojis_only(bet)
+ if len(body_html) > 500: abort(400, "Bet option too long!")
 bet = SubmissionOption(
 submission_id=post.id,
- body_html=filter_emojis_only(bet),
+ body_html=body_html,
 exclusive=2
 )
 g.db.add(bet)
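Review bot: The literal `500` and the two-line render-and-check are repeated in all five loops of `edit_post()` and `submit_post()`, and four more times in files/routes/comments.py, so a later change to the limit has to be made in nine places and a missed one leaves that path enforcing a different bound. A single helper that returns the rendered HTML or aborts, with the limit as a named constant, keeps the checks in step. The constant presumably mirrors the size of the `body_html` column, which is worth stating in a comment next to it once confirmed against the model. The names in the sketch below are proposals, not existing identifiers, and both function bodies start and end outside the hunks.

```python
# proposed names; limit presumably matches the body_html column size (confirm against the model)
OPTION_HTML_LENGTH_LIMIT = 500

def render_option_html(text, kind="Poll"):
    body_html = filter_emojis_only(text)
    if len(body_html) > OPTION_HTML_LENGTH_LIMIT:
        abort(400, f"{kind} option too long!")
    return body_html

# … unchanged: loop headers and SubmissionOption(...) construction …
# in each loop: body_html = render_option_html(option)   (kind="Bet" in the bets loop)
```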