commit d9fe68c4c7603b27e8965c2ab0f19d887ee60903
parent 55f12da3c5c0ee18ec584f195a463b60cbf95b6f
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Thu, 19 Jan 2023 03:32:22 -0800
fix max length verification bypass when uploading a file
Diffstat:
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/pkg/web/handlers/api/v1/msgInterceptor.go b/pkg/web/handlers/api/v1/msgInterceptor.go
@@ -14,9 +14,16 @@ import (
type MsgInterceptor struct{}
func (i MsgInterceptor) InterceptMsg(cmd *Command) {
- // Only check length of message if we're not uploading a file
+ // Only check maximum length of message if we are uploading a file
// Trim whitespaces and ensure minimum length
- if cmd.upload == nil && !utils.ValidateRuneLength(strings.TrimSpace(cmd.message), minMsgLen, maxMsgLen) {
+ trimmedMsg := strings.TrimSpace(cmd.message)
+ if cmd.upload != nil && !utils.ValidateRuneLength(trimmedMsg, 0, maxMsgLen) {
+ cmd.dataMessage = cmd.origMessage
+ cmd.err = fmt.Errorf("maximum %d characters", maxMsgLen)
+ return
+ }
+ // Not uploading a file, check min and max length
+ if cmd.upload == nil && !utils.ValidateRuneLength(trimmedMsg, minMsgLen, maxMsgLen) {
cmd.dataMessage = cmd.origMessage
cmd.err = fmt.Errorf("%d - %d characters", minMsgLen, maxMsgLen)
return
