Merge pull request #508 from HebaruSan/fix/changelog-len-err
Validate changelog lengths
HebaruSan authored Aug 21, 2024
2 parents 38c9088 + af61f3f commit 2728b7f
Showing 5 changed files with 25 additions and 13 deletions.
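--- a/KerbalStuff/blueprints/api.py
+++ b/KerbalStuff/blueprints/api.py
@@ -935,6 +935,13 @@ def update_mod(mod_id: int) -> Tuple[Dict[str, Any], int]:
 'Did you mistype the version number?'
 }, 400
 
+changelog: Optional[str] = request.form.get('changelog')
+if changelog and len(changelog) > ModVersion.changelog.type.length:
+return {'error': True, 'reason': f'Changelog is {len(changelog)} bytes, the limit is {ModVersion.changelog.type.length}!'}, 400
+changelog_html = render_markdown(changelog)
+if changelog_html and len(changelog_html) > ModVersion.changelog_html.type.length:
+return {'error': True, 'reason': f'Rendered changelog is {len(changelog_html)} bytes, the limit is {ModVersion.changelog_html.type.length}!'}, 400
+
 full_path, relative_path = _get_modversion_paths(mod.name, friendly_version)
 how_many_chunks = int(request.form.get('dztotalchunkcount', 1))
 which_chunk = int(request.form.get('dzchunkindex', 0))
@@ -955,14 +962,13 @@ def update_mod(mod_id: int) -> Tuple[Dict[str, Any], int]:
 if file_contains_malware(full_path):
 quarantine_malware(full_path)
 punish_malware(current_user)
-return {'error': True, 'reason': f'Malware detected in upload'}, 400
+return {'error': True, 'reason': 'Malware detected in upload'}, 400
 
-changelog: Optional[str] = request.form.get('changelog')
 version = ModVersion(friendly_version=friendly_version,
 gameversion_id=game_version.id,
 download_path=relative_path,
 changelog=changelog,
-changelog_html=render_markdown(changelog))
+changelog_html=changelog_html)
 # Assign a sort index
 if mod.versions:
 version.sort_index = max(v.sort_index for v in mod.versions) + 1
@@ -1001,8 +1007,14 @@ def edit_version(mod_id: int) -> Tuple[Dict[str, Any], int]:
 if len(versions) == 0:
 return {'error': True, 'reason': 'Version not found'}, 404
 version = versions[0]
-version.changelog = request.form.get('changelog')
-version.changelog_html = render_markdown(version.changelog)
+changelog: Optional[str] = request.form.get('changelog')
+if changelog and len(changelog) > ModVersion.changelog.type.length:
+return {'error': True, 'reason': f'Changelog is {len(changelog)} bytes, the limit is {ModVersion.changelog.type.length}!'}, 400
+changelog_html = render_markdown(changelog)
+if changelog_html and len(changelog_html) > ModVersion.changelog_html.type.length:
+return {'error': True, 'reason': f'Rendered changelog is {len(changelog_html)} bytes, the limit is {ModVersion.changelog_html.type.length}!'}, 400
+version.changelog = changelog
+version.changelog_html = changelog_html
 mod.updated = datetime.now()
 
 # Handle the chunks if sent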
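--- a/KerbalStuff/common.py
+++ b/KerbalStuff/common.py
@@ -47,7 +47,7 @@ def allow_iframe_attr(tagname: str, attrib: str, val: str) -> bool:
 'iframe': allow_iframe_attr
 },
 css_sanitizer=CSSSanitizer(),
-filters=[bleach.linkifier.LinkifyFilter])
+filters=[bleach.linkifier.LinkifyFilter]) # type: ignore[list-item]
 
 
 def first_paragraphs(text: Optional[str]) -> str: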
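--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@@ -1,5 +1,3 @@
-version: "3.4"
-
 services:
 db:
 image: postgres:11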
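--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: "3.4"
-
 services:
 db:
 image: postgres:11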
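--- a/frontend/coffee/update.coffee
+++ b/frontend/coffee/update.coffee
@@ -3,16 +3,20 @@ editor.render()
 
 Dropzone = require('dropzone').Dropzone
 
-error = (name) ->
+error = (name, htmlMsg) ->
 document.getElementById(name).parentElement.classList.add('has-error')
 document.getElementById('error-alert').classList.remove('hidden')
+alert = $("#error-alert")
+alert.html if alert.text() == '' then alert.html().concat(htmlMsg) else alert.html().concat("<br/>").concat(htmlMsg)
 
 valid = ->
 a.classList.remove('has-error') for a in document.querySelectorAll('.has-error')
 document.getElementById('error-alert').classList.add('hidden')
+$("#error-alert").text('')
 
-error('version') if $("#version").val() == ''
-error('uploader') if Dropzone.forElement('#uploader').files.length != 1
+error('version', 'Version is required!') if $("#version").val() == ''
+error('uploader', 'No file uploaded!') if Dropzone.forElement('#uploader').files.length != 1
+error('changelog', "Changelog is #{editor.codemirror.getValue().length} bytes, the limit is 10000!") if editor.codemirror.getValue().length > 10000
 
 return document.querySelectorAll('.has-error').length == 0
 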
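Review bot: The new `htmlMsg` argument of `error` is written into `#error-alert` through `alert.html(...)`, so every caller has to pass trusted markup. The three calls in `valid` pass constant strings and a numeric length, which is safe, but any caller outside this hunk that forwards a server `reason` or other user-influenced text would have it parsed as HTML. Appending text nodes removes that contract: `alert.append('<br/>') if alert.text() != ''` followed by `alert.append(document.createTextNode(htmlMsg))`. The literal `10000` also duplicates the server-side `ModVersion.changelog.type.length` and will drift if the column size changes.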
