fix xss on banning domains (only admins could use it)

pull/83/head
Aevann 2022-12-27 07:18:46 +02:00
parent 465565f26c
commit 512c864327
1 changed files with 5 additions and 0 deletions


@ -1518,6 +1518,11 @@ def ban_domain(v):
reason=request.values.get("reason", "").strip()
if not reason: abort(400, 'Reason is required!')
if len(reason) > 100:
abort(400, 'Reason is too long (max 100 characters)!')
reason = filter_emojis_only(reason)
if len(reason) > 100:
abort(400, 'Reason is too long (max 100 characters)!')
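Review bot: The XSS fix rests entirely on `filter_emojis_only(reason)` being applied at write time, and nothing visible here shows that helper escaping HTML or the page that displays the ban reason escaping it on output; the helper's definition is outside the hunk, so this should be confirmed rather than assumed. Reasons saved before this commit are not touched by it and would presumably still render as stored, so existing rows likely need a one-off cleanup, or the template should escape on output as a second layer. The two identical `if len(reason) > 100` checks read like a copy-paste slip; if the second exists because filtering can lengthen the string, a comment such as `# re-check: filter_emojis_only() may expand the reason beyond the column limit` above it would make that clear. The body of `ban_domain` starts and ends outside the hunk.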