commit 362f79692392bd8a36e0babea9fcfd57d13318c2
parent 9d247040e185dcd76dce7a2ef25c54dfea31c349
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Wed, 5 Apr 2023 16:21:37 -0700
admin compromised?
Diffstat:
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/admin.go b/pkg/web/handlers/admin.go
@@ -5,6 +5,7 @@ import (
"dkforest/pkg/managers"
"github.com/jinzhu/gorm"
"net/http"
+ "regexp"
"strings"
"dkforest/pkg/config"
@@ -567,6 +568,10 @@ func AdminEditUserHandler(c echo.Context) error {
data.Vetted = utils.DoParseBool(c.FormValue("vetted"))
data.CollectMetadata = utils.DoParseBool(c.FormValue("collect_metadata"))
data.ChatColor = c.FormValue("chat_color")
+ colorRgx := regexp.MustCompile(`#[0-9a-f]{6}`)
+ if !colorRgx.MatchString(data.ChatColor) {
+ data.Errors.Username = "Invalid color format"
+ }
data.ChatFont = utils.DoParseInt64(c.FormValue("chat_font"))
if data.Username != user.Username {
if err := db.CanRenameTo(user.Username, data.Username); err != nil {
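Review bot: The pattern on the added `colorRgx` line is unanchored, so `MatchString` accepts any `chat_color` value that merely contains a `#` followed by six lowercase hex digits, and whatever surrounds that substring is stored unchanged. Anchoring it closes the gap: `colorRgx := regexp.MustCompile(`^#[0-9a-f]{6}$`)`, ideally hoisted to a package-level `var` so it is compiled once rather than on every request. If the colour is later emitted into markup or a style context (not visible in this hunk), the anchored check is what keeps extra text out of that output. The failure is also reported on `data.Errors.Username`, which would show the message under the wrong form field. AdminEditUserHandler continues outside the hunk, so it is worth confirming that a non-empty `data.Errors` actually stops the save.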