fix: [paste_submit] restrict source characters

pull/569/head
Terrtia 2021-05-31 15:31:41 +02:00
parent a2ebd09c2a
commit d4829273c5
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
1 changed files with 12 additions and 5 deletions

View File

@ -7,6 +7,7 @@
################################## ##################################
# Import External packages # Import External packages
################################## ##################################
import re
import os import os
import sys import sys
import json import json
@ -278,12 +279,18 @@ def submit():
paste_content = request.form['paste_content'] paste_content = request.form['paste_content']
paste_source = request.form['paste_source'] paste_source = request.form['paste_source']
if paste_source:
# limit source length # limit source length
paste_source = paste_source.replace('/', '')[:80] paste_source = paste_source.replace('/', '')[:80]
if paste_source in ['crawled', 'tests']: if paste_source in ['crawled', 'tests']:
content = f'Invalid source' content = f'Invalid source'
logger.info(paste_source) logger.info(paste_source)
return content, 400 return content, 400
if not re.match('^[0-9a-zA-Z-_\+@#&\.;=:!]*$', paste_source):
content = f'Invalid source name: Forbidden character(s)'
logger.info(content)
return content, 400
is_file = False is_file = False
if 'file' in request.files: if 'file' in request.files: