From f1a8db74b7356cbc8a6d2b2238e269c91bff7f46 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Sun, 19 Mar 2023 20:17:44 +0200
Subject: [PATCH] enforce length limit for chud phrase in the backend
---
 files/routes/awards.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/files/routes/awards.py b/files/routes/awards.py
index c5854e459..d51f88c3a 100644
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@@ -306,9 +306,13 @@ def award_thing(v, thing_type, id):
 else: author.agendaposter = int(time.time()) + 86400 agendaposter_phrase = request.values.get("agendaposter_phrase").lower() - if not agendaposter_phrase: abort(400) + if not agendaposter_phrase: abort(400, "Missing phrase!") + agendaposter_phrase = agendaposter_phrase.strip() - if not agendaposter_phrase: abort(400) + if not agendaposter_phrase: abort(400, "Missing phrase!") + + if len(agendaposter_phrase) > 100: + abort(400, "Max length for phrase is 100 characters") author.agendaposter_phrase = agendaposter_phrase
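Review bot: A request that omits `agendaposter_phrase` entirely still fails with an unhandled AttributeError rather than a 400, because the unchanged context line calls `.lower()` on the result of `request.values.get("agendaposter_phrase")`, which is None when the field is absent; the new "Missing phrase!" message is only reached for an empty or whitespace-only string. Defaulting the lookup, `agendaposter_phrase = request.values.get("agendaposter_phrase", "").strip().lower()`, would let a single `if not agendaposter_phrase: abort(400, "Missing phrase!")` cover the missing, empty and whitespace-only cases. The cap of 100 is a bare literal; if the database column or the front-end form carries its own limit (neither is visible here), a shared named constant would keep them from drifting apart. The phrase is otherwise unrestricted in content, so whatever later displays or matches it should treat it as untrusted text. `award_thing` begins and continues outside this hunk.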