liz/PluralKit
liz/PluralKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a character limit to avatar URLs (256 for now)

Browse Source
This commit is contained in:
Ske 2020-05-05 16:04:17 +02:00
parent 2579683da9
commit f803b9a392
5 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PluralKit.API/Utils/JsonModelExt.cs
View File

@ -31,7 +31,7 @@ namespace PluralKit.API
if (o.ContainsKey("name")) system.Name = o.Value<string>("name").NullIfEmpty().BoundsCheckField(Limits.MaxSystemNameLength, "System name");
if (o.ContainsKey("description")) system.Description = o.Value<string>("description").NullIfEmpty().BoundsCheckField(Limits.MaxDescriptionLength, "System description");
if (o.ContainsKey("tag")) system.Tag = o.Value<string>("tag").NullIfEmpty().BoundsCheckField(Limits.MaxSystemTagLength, "System tag");
if (o.ContainsKey("avatar_url")) system.AvatarUrl = o.Value<string>("avatar_url").NullIfEmpty();
if (o.ContainsKey("avatar_url")) system.AvatarUrl = o.Value<string>("avatar_url").NullIfEmpty().BoundsCheckField(Limits.MaxUriLength, "System avatar URL");
if (o.ContainsKey("tz")) system.UiTz = o.Value<string>("tz") ?? "UTC";
if (o.ContainsKey("description_privacy")) system.DescriptionPrivacy = o.Value<string>("description_privacy").ParsePrivacy("description");

2
PluralKit.Bot/Commands/MemberAvatar.cs
View File

@ -72,6 +72,7 @@ namespace PluralKit.Bot
}
else if (ctx.RemainderOrNull() is string url)
{
if (url.Length > Limits.MaxUriLength) throw Errors.InvalidUrl(url);
await AvatarUtils.VerifyAvatarOrThrow(url);
target.AvatarUrl = url;
await _data.SaveMember(target);
@ -141,6 +142,7 @@ namespace PluralKit.Bot
}
else if (ctx.RemainderOrNull() is string url)
{
if (url.Length > Limits.MaxUriLength) throw Errors.InvalidUrl(url);
await AvatarUtils.VerifyAvatarOrThrow(url);
guildData.AvatarUrl = url;
await _data.SetMemberGuildSettings(target, ctx.Guild.Id, guildData);

1
PluralKit.Bot/Commands/SystemEdit.cs
View File

@ -156,6 +156,7 @@ namespace PluralKit.Bot
{
// They can't both be null - otherwise we would've hit the conditional at the very top
string url = ctx.RemainderOrNull() ?? ctx.Message.Attachments.FirstOrDefault()?.ProxyUrl;
if (url?.Length > Limits.MaxUriLength) throw Errors.InvalidUrl(url);
await ctx.BusyIndicator(() => AvatarUtils.VerifyAvatarOrThrow(url));
ctx.System.AvatarUrl = url;

1
PluralKit.Bot/Errors.cs
View File

@ -59,6 +59,7 @@ namespace PluralKit.Bot {
public static PKError AvatarInvalid => new PKError($"Could not read image file - perhaps it's corrupted or the wrong format. Try a different image.");
public static PKError UserHasNoAvatar => new PKError("The given user has no avatar set.");
public static PKError InvalidUrl(string url) => new PKError($"The given URL is invalid.");
public static PKError UrlTooLong(string url) => new PKError($"The given URL is too long ({url.Length}/{Limits.MaxUriLength} characters).");
public static PKError AccountAlreadyLinked => new PKError("That account is already linked to your system.");
public static PKError AccountNotLinked => new PKError("That account isn't linked to your system.");

2
PluralKit.Core/Utils/Limits.cs
View File

@ -10,7 +10,7 @@ namespace PluralKit.Core {
public static readonly int MaxDescriptionLength = 1000;
public static readonly int MaxMemberNameLength = 100; // Fair bit larger than MaxProxyNameLength for bookkeeping
public static readonly int MaxPronounsLength = 100;
public static readonly int MaxUriLength = 256; // May need to be set higher, I know there are URLs longer than this in prod (they can rehost, I guess...)
public static readonly long AvatarFileSizeLimit = 1024 * 1024;
public static readonly int AvatarDimensionLimit = 1000;
}