From ee81ffec09312f142335ef89fe4da989cdefb61d Mon Sep 17 00:00:00 2001
From: ghost
Date: Sat, 9 Dec 2023 22:43:29 +0200
Subject: [PATCH] update validation rules
---
 .env | 6 +++---
 src/Controller/RoomController.php | 25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/.env b/.env
index 02fd25d..e4aae1a 100644
--- a/.env
+++ b/.env
@@ -73,7 +73,7 @@ APP_ADD_ROOM_REMOTE_IP_DELAY=86400
 # Skip access limits for banned IPs separated by |
 APP_ADD_ROOM_REMOTE_IP_DENIED=
-# Room name rules (for kevacoin _KEVA_NS_, max length 520)
+# Room name rules (for kevacoin _KEVA_NS_, max length is 520)
 APP_ADD_ROOM_KEVA_NS_VALUE_REGEX=/^[\w\s_-]{2,64}$/ui
 # Allow remotes to create new posts (submit key/values)
@@ -88,5 +88,5 @@ APP_ADD_POST_REMOTE_IP_DENIED=
 # Post ID rules (for kevacoin key) do not change to keep external KevaChat nodes compatibility
 APP_ADD_POST_KEY_REGEX=/^([\d]+)@([A-z0-9\.\:\[\]]+)$/
-# Post content rules (for kevacoin value, max length 3072)
-APP_ADD_POST_VALUE_REGEX=/^[\w\s\:\.\,\'\"\/\!\?\@\#\%\(\)\[\]\+\-\*\$\%\=]{2,3072}$/ui
\ No newline at end of file
+# Post content rules (for kevacoin value, max length is 3072)
+APP_ADD_POST_VALUE_REGEX=/.*/ui
\ No newline at end of file
diff --git a/src/Controller/RoomController.php b/src/Controller/RoomController.php
index 6fbe9d3..f1da17a 100644
--- a/src/Controller/RoomController.php
+++ b/src/Controller/RoomController.php
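Review bot: In `.env`, the second hunk's `APP_ADD_POST_VALUE_REGEX=/.*/ui` no longer restricts post content: the pattern is unanchored and `.*` can match the empty string, so `preg_match` succeeds for any well-formed UTF-8 input, and with the `u` modifier the only thing it still rejects is invalid UTF-8. That removes the previous character allow-list, so control characters and markup characters such as `<` and `>` are now accepted, and safety depends on every place that renders a post escaping it; the rendering code is not visible in this patch. If accepting arbitrary text is intended, the comment above the setting should say so, e.g. `# Post content rules: any valid UTF-8; length is enforced in RoomController, output must be escaped when rendered`.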
@@ -427,6 +427,19 @@ class RoomController extends AbstractController
 );
 }
+ // Validate kevacoin value requirements
+ if (mb_strlen($request->get('message')) < 1 || mb_strlen($request->get('message')) > 3072)
+ {
+ return $this->redirectToRoute(
+ 'room_namespace',
+ [
+ 'namespace' => $request->get('namespace'),
+ 'message' => $request->get('message'),
+ 'error' => $translator->trans('Message length out of KevaCoin protocol limits')
+ ]
+ );
+ }
+
 // Validate message regex
 if (!preg_match($this->getParameter('app.add.post.value.regex'), $request->get('message')))
 {
@@ -573,6 +586,18 @@ class RoomController extends AbstractController
 $request->get('name')
 );
+ // Validate kevacoin key requirements
+ if (mb_strlen($name) < 1 || mb_strlen($name) > 520)
+ {
+ return $this->redirectToRoute(
+ 'room_namespace',
+ [
+ 'name' => $name,
+ 'error' => $translator->trans('Name length out of KevaCoin protocol limits')
+ ]
+ );
+ }
+
 // Validate room name regex
 if (!preg_match($this->getParameter('app.add.room.keva.ns.value.regex'), $name))
 {
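Review bot: The length checks added in both hunks (`mb_strlen($request->get('message')) > 3072` in the hunk at 427 and `mb_strlen($name) > 520` in the hunk at 586) count characters, while a protocol size limit is normally a byte limit; if that holds for KevaCoin, a message made of multi-byte UTF-8 characters passes at up to four times the allowed size, which matters more now that the value regex accepts any UTF-8. Comparing bytes is a one-line change, `if (strlen($request->get('message')) < 1 || strlen($request->get('message')) > 3072)`, and likewise `strlen($name)` for the name. In the hunk at 427 the rejected message is also echoed into the redirect parameters, so an oversized message produces an oversized Location URL; dropping `'message'` on this branch avoids that. The enclosing methods start and end outside both hunks.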
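Review bot: The redirect added in the hunk at 586 targets `room_namespace` but passes only `name` and `error`, whereas the same route in the hunk at 427 is given a `namespace` parameter; if the route path requires `namespace`, URL generation will throw instead of showing the error. The route definition and the sibling error branches are outside the hunk, so this should be compared with the redirect used by the regex check just below and made consistent with it. Separately, the comment `// Validate kevacoin key requirements` sits on a check of the room name, which the `.env` comment describes as the `_KEVA_NS_` value; `// Validate kevacoin _KEVA_NS_ value length` would match.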