dkforest

A forum and chat platform (onion)
git clone https://git.dasho.dev/n0tr1v/dkforest.git

commit defbabfb7d624651b0d0ddac5a6a1c52ba8298c3
parent decae0a3e670211642c0e95311f575957ef9d91d
Author: n0tr1v <n0tr1v@protonmail.com>
Date:   Mon, 22 May 2023 08:45:08 -0700

actually prevent multiline if user is not allowed

Diffstat:
Mpkg/web/handlers/api/v1/bangInterceptor.go | 2+-
Mpkg/web/handlers/api/v1/msgInterceptor.go | 7++++---
Mpkg/web/handlers/api/v1/slashInterceptor.go | 2+-
Mpkg/web/handlers/api/v1/topBarHandler.go | 11+++++++++--
Mpkg/web/handlers/api/v1/werewolf.go | 2+-
5 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/pkg/web/handlers/api/v1/bangInterceptor.go b/pkg/web/handlers/api/v1/bangInterceptor.go @@ -20,7 +20,7 @@ Chats: Black Hat Chat: ` + config.BhcOnion + ` Forums: CryptBB: ` + config.CryptbbOnion - msg, _, _ := ProcessRawMessage(cmd.db, message, "", cmd.authUser.ID, cmd.room.ID, nil) + msg, _, _ := ProcessRawMessage(cmd.db, message, "", cmd.authUser.ID, cmd.room.ID, nil, true) cmd.zeroMsg(msg) cmd.err = ErrRedirect } diff --git a/pkg/web/handlers/api/v1/msgInterceptor.go b/pkg/web/handlers/api/v1/msgInterceptor.go @@ -25,7 +25,7 @@ func (i MsgInterceptor) InterceptMsg(cmd *Command) { return } - html, taggedUsersIDsMap, err := ProcessRawMessage(cmd.db, cmd.message, cmd.roomKey, cmd.authUser.ID, cmd.room.ID, cmd.upload) + html, taggedUsersIDsMap, err := ProcessRawMessage(cmd.db, cmd.message, cmd.roomKey, cmd.authUser.ID, cmd.room.ID, cmd.upload, cmd.authUser.CanUseMultiline) if err != nil { cmd.dataMessage = cmd.origMessage cmd.err = err @@ -85,9 +85,10 @@ var msgPolicy = bluemonday.NewPolicy(). // ProcessRawMessage return the new html, and a map of tagged users used for notifications // This function takes an "unsafe" user input "in", and return html which will be safe to render. func ProcessRawMessage(db *database.DkfDB, in, roomKey string, authUserID database.UserID, roomID database.RoomID, - upload *database.Upload) (string, map[database.UserID]database.User, error) { + upload *database.Upload, canUseMultiline bool) (string, map[database.UserID]database.User, error) { html, quoted := convertQuote(db, in, roomKey, roomID) // Get raw quote text which is not safe to render - html = html2.EscapeString(html) // Makes user input safe to render + html = convertNewLines(html, canUseMultiline) + html = html2.EscapeString(html) // Makes user input safe to render // All html generated from this point on shall be safe to render. html = convertPGPClearsignToFile(db, html, authUserID) html = convertPGPMessageToFile(db, html, authUserID) 
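Review bot: The bare `true` added as the last argument of `ProcessRawMessage` in bangInterceptor.go does not tell a reader that it switches off the newline restriction. The same literal is added in `zeroProcMsgRoom` and `zeroPublicProcMsgRoom` (topBarHandler.go) and in `Werewolf.Narrate` (werewolf.go). I would annotate each call, for example `ProcessRawMessage(cmd.db, message, "", cmd.authUser.ID, cmd.room.ID, nil, true /* canUseMultiline: server-built text */)`, so the exemption reads as deliberate and tied to text the server composed. The enclosing function starts outside the hunk.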
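Review bot: In `ProcessRawMessage` (msgInterceptor.go) the new `convertNewLines` call runs before `convertPGPClearsignToFile` and `convertPGPMessageToFile`, so for a user without `CanUseMultiline` every line break is gone before those steps look for armored blocks. `clearsign.Decode` in particular is unlikely to find a block in text that has no newlines. If such users should still be able to post signed or encrypted text, strip the breaks after the PGP conversions or only from the text left outside them; if not, state that in the doc comment. The doc comment also does not mention the new parameter; I would add `// canUseMultiline reports whether the author may post line breaks; when false every "\n" in the input is removed before escaping.` The function body continues past the hunk.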
diff --git a/pkg/web/handlers/api/v1/slashInterceptor.go b/pkg/web/handlers/api/v1/slashInterceptor.go
@@ -1248,7 +1248,7 @@ func handleInboxCmd(c *Command) (handled bool) {
 html = strings.Join(strings.Split(html, "\n"), " ")
 }
- html, _, _ = ProcessRawMessage(c.db, html, c.roomKey, c.authUser.ID, c.room.ID, nil)
+ html, _, _ = ProcessRawMessage(c.db, html, c.roomKey, c.authUser.ID, c.room.ID, nil, c.authUser.CanUseMultiline)
 c.db.CreateInboxMessage(html, c.room.ID, c.authUser.ID, toUser.ID, true, false, nil)
 c.dataMessage = "/inbox " + username + " "
diff --git a/pkg/web/handlers/api/v1/topBarHandler.go b/pkg/web/handlers/api/v1/topBarHandler.go
@@ -448,13 +448,13 @@ func (c *Command) zeroProcMsg(rawMsg string) {
 func (c *Command) zeroProcMsgRoom(rawMsg, roomKey string, roomID database.RoomID) {
 zeroUser := c.getZeroUser()
- procMsg, _, _ := ProcessRawMessage(c.db, rawMsg, roomKey, c.authUser.ID, roomID, nil)
+ procMsg, _, _ := ProcessRawMessage(c.db, rawMsg, roomKey, c.authUser.ID, roomID, nil, true)
 rawMsgRoom(c.db, zeroUser, c.authUser, rawMsg, procMsg, roomKey, roomID)
 }
 func (c *Command) zeroPublicProcMsgRoom(rawMsg, roomKey string, roomID database.RoomID) {
 zeroUser := c.getZeroUser()
- procMsg, _, _ := ProcessRawMessage(c.db, rawMsg, roomKey, c.authUser.ID, roomID, nil)
+ procMsg, _, _ := ProcessRawMessage(c.db, rawMsg, roomKey, c.authUser.ID, roomID, nil, true)
 rawMsgRoom(c.db, zeroUser, nil, rawMsg, procMsg, roomKey, roomID)
 }
@@ -1077,6 +1077,13 @@ func convertPGPPublicKeyToFile(db *database.DkfDB, html string, authUserID datab
 return html
 }
+func convertNewLines(html string, canUseMultiline bool) string {
+ if !canUseMultiline {
+ html = strings.ReplaceAll(html, "\n", "")
+ }
+ return html
+}
+
 func convertPGPClearsignToFile(db *database.DkfDB, html string, authUserID database.UserID) string {
 if b, _ := clearsign.Decode([]byte(html)); b != nil {
 startIdx := strings.Index(html, pgpSignedPrefix)
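Review bot: The changed call in `handleInboxCmd` (slashInterceptor.go) still discards the error from `ProcessRawMessage` and hands whatever `html` comes back straight to `CreateInboxMessage`, whereas `InterceptMsg` checks the same error and stops. I would handle it the same way here, for example `html, _, err := ProcessRawMessage(...)` followed by `if err != nil { c.err = err; return true }`, assuming that is how this handler reports failures; the rest of the function is outside the hunk. The context line above also replaces newlines with a space under some condition, while the new `convertNewLines` deletes them, so the two paths can join words differently.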
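Review bot: `zeroProcMsgRoom` and `zeroPublicProcMsgRoom` (topBarHandler.go) now pass a hard-coded `true` while still attributing the message to `c.authUser.ID`, so any caller that forwards text typed by the user into `rawMsg` gets line breaks regardless of that user's `CanUseMultiline`. The callers are not visible in this hunk; if any of them can carry user-supplied text, pass `c.authUser.CanUseMultiline` there and keep `true` only for messages the server composes itself. A short comment on both helpers, such as `// rawMsg must be server-generated; the multiline restriction is not applied here.`, would make that assumption checkable.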
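Review bot: `convertNewLines` (topBarHandler.go) removes only `"\n"`, so input using `"\r\n"` or a lone `"\r"` keeps its carriage returns; whether later rendering turns those into visible breaks is not shown here, but the restriction should not depend on it. Deleting the newline also glues the neighbouring words together, unlike the space substitution visible in `handleInboxCmd`. I would normalise all three forms to a space with `html = strings.NewReplacer("\r\n", " ", "\n", " ", "\r", " ").Replace(html)`. The function also has no doc comment; something like `// convertNewLines replaces line breaks in html with spaces unless canUseMultiline is true.` would do.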
diff --git a/pkg/web/handlers/api/v1/werewolf.go b/pkg/web/handlers/api/v1/werewolf.go
@@ -329,7 +329,7 @@ func (b *Werewolf) isValidPlayerName(name string) bool {
 // Narrate register a chat message on behalf of the narrator user
 func (b *Werewolf) Narrate(msg string, toUserID *database.UserID, groupID *database.GroupID) {
- html, _, _ := ProcessRawMessage(b.db, msg, "", b.narratorID, b.roomID, nil)
+ html, _, _ := ProcessRawMessage(b.db, msg, "", b.narratorID, b.roomID, nil, true)
 b.NarrateRaw(html, toUserID, groupID)
 }