fix: [paste_submit] restrict source characters

pull/569/head
Terrtia 2021-05-31 15:31:41 +02:00
parent a2ebd09c2a
commit d4829273c5
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
1 changed files with 12 additions and 5 deletions

View File

@ -7,6 +7,7 @@
##################################
# Import External packages
##################################
import re
import os
import sys
import json
@ -278,6 +279,7 @@ def submit():
paste_content = request.form['paste_content']
paste_source = request.form['paste_source']
if paste_source:
# limit source length
paste_source = paste_source.replace('/', '')[:80]
if paste_source in ['crawled', 'tests']:
@ -285,6 +287,11 @@ def submit():
logger.info(paste_source)
return content, 400
if not re.match('^[0-9a-zA-Z-_\+@#&\.;=:!]*$', paste_source):
content = f'Invalid source name: Forbidden character(s)'
logger.info(content)
return content, 400
is_file = False
if 'file' in request.files:
file_import = request.files['file']