fix xss on banning domains (only admins could use it)
parent
465565f26c
commit
512c864327
|
@ -1518,6 +1518,11 @@ def ban_domain(v):
|
|||
reason=request.values.get("reason", "").strip()
|
||||
if not reason: abort(400, 'Reason is required!')
|
||||
|
||||
if len(reason) > 100:
|
||||
abort(400, 'Reason is too long (max 100 characters)!')
|
||||
|
||||
reason = filter_emojis_only(reason)
|
||||
|
||||
if len(reason) > 100:
|
||||
abort(400, 'Reason is too long (max 100 characters)!')
|
||||
|
||||
|
|
Loading…
Reference in New Issue