fix: enforce maximum number of flags on profile

This commit is contained in:
Sam 2023-05-29 02:59:15 +02:00
parent 453bc42215
commit cb305c96c7
No known key found for this signature in database
GPG key ID: B4EF20DDE721CAA1
2 changed files with 20 additions and 0 deletions

View file

@ -155,6 +155,16 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
} }
} }
// validate flag length
if req.Flags != nil {
if len(*req.Flags) > db.MaxPrideFlags {
return server.APIError{
Code: server.ErrBadRequest,
Details: fmt.Sprintf("Too many flags (max %d, current %d)", len(*req.Flags), db.MaxPrideFlags),
}
}
}
if err := validateSlicePtr("name", req.Names, u.CustomPreferences); err != nil { if err := validateSlicePtr("name", req.Names, u.CustomPreferences); err != nil {
return *err return *err
} }

View file

@ -109,6 +109,16 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
} }
} }
// validate flag length
if req.Flags != nil {
if len(*req.Flags) > db.MaxPrideFlags {
return server.APIError{
Code: server.ErrBadRequest,
Details: fmt.Sprintf("Too many flags (max %d, current %d)", len(*req.Flags), db.MaxPrideFlags),
}
}
}
// validate custom preferences // validate custom preferences
if req.CustomPreferences != nil { if req.CustomPreferences != nil {
if count := len(*req.CustomPreferences); count > db.MaxFields { if count := len(*req.CustomPreferences); count > db.MaxFields {