From: Neshura Date: Mon, 26 Jun 2023 08:47:01 +0000 (+0200) Subject: Add separate Post check for is_valid_body_field (#3263) X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%22https:/nerdica.net/static/%24%7BappleTouchIcon%7D?a=commitdiff_plain;h=203e35899e12e8696d0c871b5c12b27a5751b4a2;p=lemmy.git Add separate Post check for is_valid_body_field (#3263) * Add separate Post check for is_valid_body_field * Modify is_valid_body_check for posts only * Fix check var reinit in validation.rs * Extra empty line to rerun woodpecker with changes * Change Option to bool, add false to non-post calls * Woodpecker trick.. again * Probable rust_fmt fail fixed * cargo_clippy changes * Missing space between = and if * Remove ; after body length checks --- diff --git a/crates/api/src/community/ban.rs b/crates/api/src/community/ban.rs index a0fd7bf1..330c2c56 100644 --- a/crates/api/src/community/ban.rs +++ b/crates/api/src/community/ban.rs @@ -42,7 +42,7 @@ impl Perform for BanFromCommunity { // Verify that only mods or admins can ban is_mod_or_admin(context.pool(), local_user_view.person.id, community_id).await?; - is_valid_body_field(&data.reason)?; + is_valid_body_field(&data.reason, false)?; let community_user_ban_form = CommunityPersonBanForm { community_id: data.community_id, diff --git a/crates/api/src/local_user/ban_person.rs b/crates/api/src/local_user/ban_person.rs index 452557d2..2c2d363e 100644 --- a/crates/api/src/local_user/ban_person.rs +++ b/crates/api/src/local_user/ban_person.rs @@ -30,7 +30,7 @@ impl Perform for BanPerson { // Make sure user is an admin is_admin(&local_user_view)?; - is_valid_body_field(&data.reason)?; + is_valid_body_field(&data.reason, false)?; let ban = data.ban; let banned_person_id = data.person_id; diff --git a/crates/api_crud/src/comment/create.rs b/crates/api_crud/src/comment/create.rs index 4ef8686e..b3b1efec 100644 --- a/crates/api_crud/src/comment/create.rs +++ b/crates/api_crud/src/comment/create.rs @@ -49,7 +49,7 @@ impl PerformCrud for CreateComment { &data.content.clone(), &local_site_to_slur_regex(&local_site), ); - is_valid_body_field(&Some(content_slurs_removed.clone()))?; + is_valid_body_field(&Some(content_slurs_removed.clone()), false)?; // Check for a community ban let post_id = data.post_id; diff --git a/crates/api_crud/src/comment/update.rs b/crates/api_crud/src/comment/update.rs index 86bdb52e..3504e784 100644 --- a/crates/api_crud/src/comment/update.rs +++ b/crates/api_crud/src/comment/update.rs @@ -64,7 +64,7 @@ impl PerformCrud for EditComment { .as_ref() .map(|c| remove_slurs(c, &local_site_to_slur_regex(&local_site))); - is_valid_body_field(&content_slurs_removed)?; + is_valid_body_field(&content_slurs_removed, false)?; let comment_id = data.comment_id; let form = CommentUpdateForm::builder() diff --git a/crates/api_crud/src/community/create.rs b/crates/api_crud/src/community/create.rs index 850e9f2f..0e55beac 100644 --- a/crates/api_crud/src/community/create.rs +++ b/crates/api_crud/src/community/create.rs @@ -67,7 +67,7 @@ impl PerformCrud for CreateCommunity { check_slurs_opt(&data.description, &slur_regex)?; is_valid_actor_name(&data.name, local_site.actor_name_max_length as usize)?; - is_valid_body_field(&data.description)?; + is_valid_body_field(&data.description, false)?; // Double check for duplicate community actor_ids let community_actor_id = generate_local_apub_endpoint( diff --git a/crates/api_crud/src/community/update.rs b/crates/api_crud/src/community/update.rs index 7494cd34..dec62865 100644 --- a/crates/api_crud/src/community/update.rs +++ b/crates/api_crud/src/community/update.rs @@ -39,7 +39,7 @@ impl PerformCrud for EditCommunity { let slur_regex = local_site_to_slur_regex(&local_site); check_slurs_opt(&data.title, &slur_regex)?; check_slurs_opt(&data.description, &slur_regex)?; - is_valid_body_field(&data.description)?; + is_valid_body_field(&data.description, false)?; // Verify its a mod (only mods can edit it) let community_id = data.community_id; diff --git a/crates/api_crud/src/post/create.rs b/crates/api_crud/src/post/create.rs index cd2cf1c3..8ff1b678 100644 --- a/crates/api_crud/src/post/create.rs +++ b/crates/api_crud/src/post/create.rs @@ -57,7 +57,7 @@ impl PerformCrud for CreatePost { let url = data_url.map(clean_url_params).map(Into::into); // TODO no good way to handle a "clear" is_valid_post_title(&data.name)?; - is_valid_body_field(&data.body)?; + is_valid_body_field(&data.body, true)?; check_community_ban(local_user_view.person.id, data.community_id, context.pool()).await?; check_community_deleted_or_removed(data.community_id, context.pool()).await?; diff --git a/crates/api_crud/src/post/update.rs b/crates/api_crud/src/post/update.rs index af2c63c5..a540f454 100644 --- a/crates/api_crud/src/post/update.rs +++ b/crates/api_crud/src/post/update.rs @@ -49,7 +49,7 @@ impl PerformCrud for EditPost { is_valid_post_title(name)?; } - is_valid_body_field(&data.body)?; + is_valid_body_field(&data.body, true)?; let post_id = data.post_id; let orig_post = Post::read(context.pool(), post_id).await?; diff --git a/crates/api_crud/src/private_message/create.rs b/crates/api_crud/src/private_message/create.rs index 3f1d4ef8..e1a85546 100644 --- a/crates/api_crud/src/private_message/create.rs +++ b/crates/api_crud/src/private_message/create.rs @@ -43,7 +43,7 @@ impl PerformCrud for CreatePrivateMessage { &data.content.clone(), &local_site_to_slur_regex(&local_site), ); - is_valid_body_field(&Some(content_slurs_removed.clone()))?; + is_valid_body_field(&Some(content_slurs_removed.clone()), false)?; check_person_block(local_user_view.person.id, data.recipient_id, context.pool()).await?; diff --git a/crates/api_crud/src/private_message/update.rs b/crates/api_crud/src/private_message/update.rs index cc3c377b..b2d8e48f 100644 --- a/crates/api_crud/src/private_message/update.rs +++ b/crates/api_crud/src/private_message/update.rs @@ -41,7 +41,7 @@ impl PerformCrud for EditPrivateMessage { // Doing the update let content_slurs_removed = remove_slurs(&data.content, &local_site_to_slur_regex(&local_site)); - is_valid_body_field(&Some(content_slurs_removed.clone()))?; + is_valid_body_field(&Some(content_slurs_removed.clone()), false)?; let private_message_id = data.private_message_id; PrivateMessage::update( diff --git a/crates/api_crud/src/site/create.rs b/crates/api_crud/src/site/create.rs index a1669bae..e7486e63 100644 --- a/crates/api_crud/src/site/create.rs +++ b/crates/api_crud/src/site/create.rs @@ -73,7 +73,7 @@ impl PerformCrud for CreateSite { site_description_length_check(desc)?; } - is_valid_body_field(&data.sidebar)?; + is_valid_body_field(&data.sidebar, false)?; let application_question = diesel_option_overwrite(&data.application_question); check_application_question( diff --git a/crates/api_crud/src/site/update.rs b/crates/api_crud/src/site/update.rs index 6664d549..fa800a5a 100644 --- a/crates/api_crud/src/site/update.rs +++ b/crates/api_crud/src/site/update.rs @@ -67,7 +67,7 @@ impl PerformCrud for EditSite { site_description_length_check(desc)?; } - is_valid_body_field(&data.sidebar)?; + is_valid_body_field(&data.sidebar, false)?; let application_question = diesel_option_overwrite(&data.application_question); check_application_question( diff --git a/crates/utils/src/utils/validation.rs b/crates/utils/src/utils/validation.rs index 41103332..621543b4 100644 --- a/crates/utils/src/utils/validation.rs +++ b/crates/utils/src/utils/validation.rs @@ -18,6 +18,7 @@ static CLEAN_URL_PARAMS_REGEX: Lazy = Lazy::new(|| { .expect("compile regex") }); const BODY_MAX_LENGTH: usize = 10000; +const POST_BODY_MAX_LENGTH: usize = 50000; const BIO_MAX_LENGTH: usize = 300; fn has_newline(name: &str) -> bool { @@ -68,9 +69,14 @@ pub fn is_valid_post_title(title: &str) -> LemmyResult<()> { } /// This could be post bodies, comments, or any description field -pub fn is_valid_body_field(body: &Option) -> LemmyResult<()> { +pub fn is_valid_body_field(body: &Option, post: bool) -> LemmyResult<()> { if let Some(body) = body { - let check = body.chars().count() <= BODY_MAX_LENGTH; + let check = if post { + body.chars().count() <= POST_BODY_MAX_LENGTH + } else { + body.chars().count() <= BODY_MAX_LENGTH + }; + if !check { Err(LemmyError::from_message("invalid_body_field")) } else {