fix: [paste_submit] restrict source characters

This commit is contained in:
Terrtia 2021-05-31 15:31:41 +02:00
parent a2ebd09c2a
commit d4829273c5
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0

View file

@ -7,6 +7,7 @@
################################## ##################################
# Import External packages # Import External packages
################################## ##################################
import re
import os import os
import sys import sys
import json import json
@ -278,6 +279,7 @@ def submit():
paste_content = request.form['paste_content'] paste_content = request.form['paste_content']
paste_source = request.form['paste_source'] paste_source = request.form['paste_source']
if paste_source:
# limit source length # limit source length
paste_source = paste_source.replace('/', '')[:80] paste_source = paste_source.replace('/', '')[:80]
if paste_source in ['crawled', 'tests']: if paste_source in ['crawled', 'tests']:
@ -285,6 +287,11 @@ def submit():
logger.info(paste_source) logger.info(paste_source)
return content, 400 return content, 400
if not re.match('^[0-9a-zA-Z-_\+@#&\.;=:!]*$', paste_source):
content = f'Invalid source name: Forbidden character(s)'
logger.info(content)
return content, 400
is_file = False is_file = False
if 'file' in request.files: if 'file' in request.files:
file_import = request.files['file'] file_import = request.files['file']