From b2d0b9cdba6761deeb6a1ab063612583b0ac9666 Mon Sep 17 00:00:00 2001
From: Paul Hebble
Date: Wed, 21 Aug 2024 09:26:05 -0500
Subject: [PATCH 1/3] Raise errors for BDA's gigantic changelogs
---
 KerbalStuff/blueprints/api.py | 22 +++++++++++++++++-----
 frontend/coffee/update.coffee | 10 +++++++---
 2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/KerbalStuff/blueprints/api.py b/KerbalStuff/blueprints/api.py
index 53ae2daa..c41eadbf 100644
--- a/KerbalStuff/blueprints/api.py
+++ b/KerbalStuff/blueprints/api.py
@@ -935,6 +935,13 @@ def update_mod(mod_id: int) -> Tuple[Dict[str, Any], int]:
 'Did you mistype the version number?' }, 400
+ changelog: Optional[str] = request.form.get('changelog')
+ if changelog and len(changelog) > ModVersion.changelog.type.length:
+ return {'error': True, 'reason': f'Changelog is {len(changelog)} bytes, the limit is {ModVersion.changelog.type.length}!'}, 400
+ changelog_html = render_markdown(changelog)
+ if changelog_html and len(changelog_html) > ModVersion.changelog_html.type.length:
+ return {'error': True, 'reason': f'Rendered changelog is {len(changelog_html)} bytes, the limit is {ModVersion.changelog_html.type.length}!'}, 400
+ full_path, relative_path = _get_modversion_paths(mod.name, friendly_version)
 how_many_chunks = int(request.form.get('dztotalchunkcount', 1))
 which_chunk = int(request.form.get('dzchunkindex', 0))
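Review bot: The six-line changelog length check added to update_mod is repeated verbatim in edit_version (the `@@ -1001,8 +1007,14 @@` hunk), so a later change to one limit or message can miss the other; a shared helper that renders and validates in one place would avoid that. The messages also report `len(changelog)` as bytes, while `len()` on a `str` counts characters, so the sketch below says `characters`. It keeps the existing order, which rejects oversized raw text before `render_markdown` runs, and it assumes both columns keep a bounded type, since `type.length` would presumably be `None` for an unbounded one and the comparison would raise. update_mod starts and ends outside this hunk.

```python
def _render_checked_changelog(changelog: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
    """Render the changelog and return (html, None), or (None, reason) if a column limit is exceeded."""
    raw_limit = ModVersion.changelog.type.length
    if changelog and len(changelog) > raw_limit:
        return None, f'Changelog is {len(changelog)} characters, the limit is {raw_limit}!'
    changelog_html = render_markdown(changelog)
    html_limit = ModVersion.changelog_html.type.length
    if changelog_html and len(changelog_html) > html_limit:
        return None, f'Rendered changelog is {len(changelog_html)} characters, the limit is {html_limit}!'
    return changelog_html, None

    # in update_mod and edit_version, replacing the six added lines:
    changelog: Optional[str] = request.form.get('changelog')
    changelog_html, reason = _render_checked_changelog(changelog)
    if reason:
        return {'error': True, 'reason': reason}, 400
    # … unchanged: path setup and chunk handling …
```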
@@ -955,14 +962,13 @@ def update_mod(mod_id: int) -> Tuple[Dict[str, Any], int]:
 if file_contains_malware(full_path):
 quarantine_malware(full_path)
 punish_malware(current_user)
- return {'error': True, 'reason': f'Malware detected in upload'}, 400
+ return {'error': True, 'reason': 'Malware detected in upload'}, 400
- changelog: Optional[str] = request.form.get('changelog')
 version = ModVersion(friendly_version=friendly_version, gameversion_id=game_version.id, download_path=relative_path, changelog=changelog,
- changelog_html=render_markdown(changelog))
+ changelog_html=changelog_html)
 # Assign a sort index
 if mod.versions:
 version.sort_index = max(v.sort_index for v in mod.versions) + 1
@@ -1001,8 +1007,14 @@ def edit_version(mod_id: int) -> Tuple[Dict[str, Any], int]:
 if len(versions) == 0:
 return {'error': True, 'reason': 'Version not found'}, 404
 version = versions[0]
- version.changelog = request.form.get('changelog')
- version.changelog_html = render_markdown(version.changelog)
+ changelog: Optional[str] = request.form.get('changelog')
+ if changelog and len(changelog) > ModVersion.changelog.type.length:
+ return {'error': True, 'reason': f'Changelog is {len(changelog)} bytes, the limit is {ModVersion.changelog.type.length}!'}, 400
+ changelog_html = render_markdown(changelog)
+ if changelog_html and len(changelog_html) > ModVersion.changelog_html.type.length:
+ return {'error': True, 'reason': f'Rendered changelog is {len(changelog_html)} bytes, the limit is {ModVersion.changelog_html.type.length}!'}, 400
+ version.changelog = changelog
+ version.changelog_html = changelog_html
 mod.updated = datetime.now()
 # Handle the chunks if sent
diff --git a/frontend/coffee/update.coffee b/frontend/coffee/update.coffee
index 243671e2..19f92947 100644
--- a/frontend/coffee/update.coffee
+++ b/frontend/coffee/update.coffee
@@ -3,16 +3,20 @@ editor.render()
 Dropzone = require('dropzone').Dropzone
-error = (name) ->
+error = (name, htmlMsg) ->
 document.getElementById(name).parentElement.classList.add('has-error')
 document.getElementById('error-alert').classList.remove('hidden')
+ alert = $("#error-alert")
+ alert.html if alert.text() == '' then alert.html().concat(htmlMsg) else alert.html().concat("
").concat(htmlMsg)
 valid = ->
 a.classList.remove('has-error') for a in document.querySelectorAll('.has-error')
 document.getElementById('error-alert').classList.add('hidden')
+ $("#error-alert").text('')
- error('version') if $("#version").val() == ''
- error('uploader') if Dropzone.forElement('#uploader').files.length != 1
+ error('version', 'Version is required!') if $("#version").val() == ''
+ error('uploader', 'No file uploaded!') if Dropzone.forElement('#uploader').files.length != 1
+ error('changelog', "Changelog is #{editor.codemirror.getValue().length} bytes, the limit is 10000!") if editor.codemirror.getValue().length > 10000
 return document.querySelectorAll('.has-error').length == 0
From b95ed2afffbe754ce686a7b5f1a78a04d581342a Mon Sep 17 00:00:00 2001
From: Paul Hebble
Date: Wed, 21 Aug 2024 11:04:52 -0500
Subject: [PATCH 2/3] Remove deprecated docker compose version field
---
 docker-compose-prod.yml | 2 --
 docker-compose.yml | 2 --
 2 files changed, 4 deletions(-)
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
index 0a80f857..d07657d8 100644
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@@ -1,5 +1,3 @@
-version: "3.4"
-
 services:
 db:
 image: postgres:11
diff --git a/docker-compose.yml b/docker-compose.yml
index e49e003d..8eb8b118 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: "3.4"
-
 services:
 db:
 image: postgres:11
From af61f3fe45f9c9f24f5a44e04a71fa58aa84e48e Mon Sep 17 00:00:00 2001
From: Paul Hebble
Date: Wed, 21 Aug 2024 11:20:58 -0500
Subject: [PATCH 3/3] Suppress dumb mypy error
---
 KerbalStuff/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/KerbalStuff/common.py b/KerbalStuff/common.py
index 794c3caa..d470fd8f 100644
--- a/KerbalStuff/common.py
+++ b/KerbalStuff/common.py
@@ -47,7 +47,7 @@ def allow_iframe_attr(tagname: str, attrib: str, val: str) -> bool:
 'iframe': allow_iframe_attr }, css_sanitizer=CSSSanitizer(),
- filters=[bleach.linkifier.LinkifyFilter])
+ filters=[bleach.linkifier.LinkifyFilter]) # type: ignore[list-item]
 def first_paragraphs(text: Optional[str]) -> str: