increase css limit from 4000 to 10000

2022-12-10 20:30:15 +02:00 · 2022-12-10 20:30:15 +02:00 · b2d457c028
parent 8d5b55f7ed
commit b2d457c028
5 changed files with 11 additions and 9 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -390,6 +390,7 @@ POST_BODY_LENGTH_LIMIT = 20000 # do not make larger than 20000 without altering
 POST_BODY_HTML_LENGTH_LIMIT = 40000 # do not make larger than 40000 without altering the table
 COMMENT_BODY_LENGTH_LIMIT = 10000 # do not make larger than 10000 characters without altering the table
 COMMENT_BODY_HTML_LENGTH_LIMIT = 20000 # do not make larger than 20000 characters without altering the table
+CSS_LENGTH_LIMIT = 10000 # do not make larger than 20000 characters without altering the table
 COMMENT_MAX_DEPTH = 200
 TRANSFER_MESSAGE_LENGTH_LIMIT = 200 # do not make larger than 10000 characters (comment limit) without altering the table
 MIN_REPOST_CHECK_URL_LENGTH = 9 # also change the constant in checkRepost() of submit.js
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -599,7 +599,7 @@ def settings_css_get(v:User):
@ratelimit_user()
 def settings_css(v):
 	if v.agendaposter: abort(400, "Agendapostered users can't edit CSS!")
-	css = request.values.get("css", v.css).strip().replace('\\', '').strip()[:4000]
+	css = request.values.get("css", v.css).strip().replace('\\', '').strip()[:CSS_LENGTH_LIMIT]
 	if '</style' in css.lower():
 		abort(400, "Please message @Aevann if you get this error")
 	v.css = css
@ -612,7 +612,7 @@ def settings_css(v):
@auth_required
@ratelimit_user()
 def settings_profilecss(v):
-	profilecss = request.values.get("profilecss", v.profilecss).strip().replace('\\', '').strip()[:4000]
+	profilecss = request.values.get("profilecss", v.profilecss).strip().replace('\\', '').strip()[:CSS_LENGTH_LIMIT]
 	valid, error = validate_css(profilecss)
 	if not valid:
 		return render_template("settings/css.html", error=error, v=v)
--- a/files/templates/settings/css.html
+++ b/files/templates/settings/css.html
@ -11,8 +11,8 @@
 					<div class="w-lg-100">
 						<form id="profile-settings-css" action="/settings/css" method="post">
 							<input type="hidden" name="formkey" value="{{v|formkey}}">
-							<textarea autocomplete="off" class="form-control rounded" id="css-textarea" aria-label="With textarea" placeholder="Custom CSS" rows="3" name="css" form="profile-settings-css" maxlength="4000">{% if v.css %}{{v.csslazy}}{% endif %}</textarea>
-							<small>Limit of 4000 characters</small>
+							<textarea autocomplete="off" class="form-control rounded" id="css-textarea" aria-label="With textarea" placeholder="Custom CSS" rows="3" name="css" form="profile-settings-css" maxlength="{{CSS_LENGTH_LIMIT}}">{% if v.css %}{{v.csslazy}}{% endif %}</textarea>
+							<small>Limit of {{CSS_LENGTH_LIMIT}} characters</small>
 							<div class="d-flex mt-2">
 								<input autocomplete="off" id="submit-btn" class="btn btn-primary ml-auto" type="submit" onclick="disable(this)" value="Save">
 							</div>
@ -29,8 +29,8 @@
 					<div class="w-lg-100">
 						<form id="profile-settings-profilecss" action="/settings/profilecss" method="post">
 							<input type="hidden" name="formkey" value="{{v|formkey}}">
-							<textarea autocomplete="off" class="form-control rounded" id="profilecss-textarea" aria-label="With textarea" placeholder="Custom profile CSS" rows="3" name="profilecss" form="profile-settings-profilecss" maxlength="4000">{% if v.profilecss %}{{v.profilecss}}{% endif %}</textarea>
-							<small>Limit of 4000 characters</small>
+							<textarea autocomplete="off" class="form-control rounded" id="profilecss-textarea" aria-label="With textarea" placeholder="Custom profile CSS" rows="3" name="profilecss" form="profile-settings-profilecss" maxlength="{{CSS_LENGTH_LIMIT}}">{% if v.profilecss %}{{v.profilecss}}{% endif %}</textarea>
+							<small>Limit of {{CSS_LENGTH_LIMIT}} characters</small>
 							<div class="d-flex mt-2">
 								<input autocomplete="off" class="btn btn-primary ml-auto" type="submit" onclick="disable(this)" value="Save">
 							</div>
--- a/migrations/20221210-increase-css-limit.sql
+++ b/migrations/20221210-increase-css-limit.sql
@ -0,0 +1,2 @@
+alter table users alter column css type varchar(10000);
+alter table users alter column profilecss type varchar(10000);
--- a/schema.sql
+++ b/schema.sql
@ -973,8 +973,8 @@ CREATE TABLE public.users (
    newtabexternal boolean DEFAULT true NOT NULL,
    customtitleplain character varying(100),
    themecolor character varying(6) NOT NULL,
-    css character varying(4000),
-    profilecss character varying(4000),
+    css character varying(10000),
+    profilecss character varying(10000),
    coins integer DEFAULT 0 NOT NULL,
    agendaposter integer DEFAULT 0 NOT NULL,
    post_count integer DEFAULT 0 NOT NULL,
@ -2737,4 +2737,3 @@ ALTER TABLE ONLY public.comments
 --
 -- PostgreSQL database dump complete
 --
-