From: Anon Date: Thu, 8 Jun 2023 14:31:26 +0000 (-0500) Subject: Add comment depth check (#2940) X-Git-Url: http://these/git/readmes/%7B%60https:/%22https:/hacktivis.me/static/%7BpictrsAvatarThumbnail%28user.avatar%29%7D?a=commitdiff_plain;h=15c84e2f7b5c82342d429547b060f848ba3962f2;p=lemmy.git Add comment depth check (#2940) * Add comment depth check * Move comment depth code * linter fix --- diff --git a/crates/api_crud/src/comment/create.rs b/crates/api_crud/src/comment/create.rs index 50018794..4ef8686e 100644 --- a/crates/api_crud/src/comment/create.rs +++ b/crates/api_crud/src/comment/create.rs @@ -33,6 +33,7 @@ use lemmy_utils::{ validation::is_valid_body_field, }, }; +const MAX_COMMENT_DEPTH_LIMIT: usize = 100; #[async_trait::async_trait(?Send)] impl PerformCrud for CreateComment { @@ -77,6 +78,7 @@ impl PerformCrud for CreateComment { if parent.post_id != post_id { return Err(LemmyError::from_message("couldnt_create_comment")); } + check_comment_depth(parent)?; } // if no language is set, copy language from parent post/comment @@ -186,3 +188,13 @@ impl PerformCrud for CreateComment { .await } } + +pub fn check_comment_depth(comment: &Comment) -> Result<(), LemmyError> { + let path = &comment.path.0; + let length = path.split('.').collect::>().len(); + if length > MAX_COMMENT_DEPTH_LIMIT { + Err(LemmyError::from_message("max_comment_depth_reached")) + } else { + Ok(()) + } +}