
[backend/core] Add limits for profile field count & length (ISH-768)

+26 -7
+5 -5
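--- a/Iceshrimp.Backend/Controllers/Pleroma/Schemas/Entities/PleromaInstanceExtensions.cs
+++ b/Iceshrimp.Backend/Controllers/Pleroma/Schemas/Entities/PleromaInstanceExtensions.cs
@@ -1,3 +1,4 @@
+using Iceshrimp.Backend.Core.Configuration;
 using J = System.Text.Json.Serialization.JsonPropertyNameAttribute;
 
 namespace Iceshrimp.Backend.Controllers.Pleroma.Schemas.Entities;
@@ -31,11 +32,10 @@
 [J("fields_limits")] public FieldsLimits FieldsLimits => new();
 }
 
-// there doesn't seem to be any limits there, from briefly checking the code
 public class FieldsLimits
 {
-[J("max_fields")] public int MaxFields => int.MaxValue;
-[J("max_remote_fields")] public int MaxRemoteFields => int.MaxValue;
-[J("name_length")] public int NameLength => int.MaxValue;
-[J("value_length")] public int ValueLength => int.MaxValue;
+[J("max_fields")] public int MaxFields => Constants.MaxProfileFields;
+[J("max_remote_fields")] public int MaxRemoteFields => Constants.MaxProfileFields;
+[J("name_length")] public int NameLength => Constants.MaxProfileFieldNameLength;
+[J("value_length")] public int ValueLength => Constants.MaxProfileFieldValueLength;
 }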
+4
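--- a/Iceshrimp.Backend/Core/Configuration/Constants.cs
+++ b/Iceshrimp.Backend/Core/Configuration/Constants.cs
@@ -63,4 +63,8 @@
 "audio/flac",
 "audio/vnd.wave"
 ];
+
+public const int MaxProfileFields = 10;
+public const int MaxProfileFieldNameLength = 1000;
+public const int MaxProfileFieldValueLength = 1000;
 }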
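Review bot: The three new constants have no comment stating what unit the lengths are in or which representation of a field they apply to. As used in UserService.cs in this commit, they are compared against `.Length`, which for strings counts UTF-16 code units rather than user-perceived characters. For remote actors the value limit is checked on the converted MFM text, not on the incoming HTML. A comment above `MaxProfileFields` would record that, for example `// Profile field limits; lengths are string.Length (UTF-16 code units), the value limit is measured on the stored MFM text`. The "characters" wording in the new BadRequest messages is slightly imprecise for the same reason.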
+17 -2
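--- a/Iceshrimp.Backend/Core/Services/UserService.cs
+++ b/Iceshrimp.Backend/Core/Services/UserService.cs
@@ -315,11 +315,17 @@
 Exception("User host must not be null at this stage"));
 
 var fields = actor.Attachments?.OfType<ASField>()
-.Where(p => p is { Name: not null, Value: not null })
+.Where(p => p is { Name.Length: > 0, Value.Length: > 0 })
 .Select(p => new UserProfile.Field
 {
 Name = p.Name!, Value = MfmConverter.FromHtml(p.Value).Mfm
-});
+})
+.Where(p => p is
+{
+Name.Length: <= Constants.MaxProfileFieldNameLength,
+Value.Length: <= Constants.MaxProfileFieldValueLength
+})
+.Take(Constants.MaxProfileFields);
 
 var pronouns = actor.Pronouns?.Values.ToDictionary(p => p.Key, p => p.Value ?? "");
 
@@ -368,6 +374,15 @@
 {
 if (user.IsRemoteUser) throw new Exception("This method is only valid for local users");
 if (user.UserProfile == null) throw new Exception("user.UserProfile must not be null at this stage");
+
+// @formatter:off
+if (user.UserProfile.Fields.Length > Constants.MaxProfileFields)
+throw GracefulException.BadRequest($"Profile must not contain more than {Constants.MaxProfileFields} fields");
+if (user.UserProfile.Fields.Any(p => p.Name.Length > Constants.MaxProfileFieldNameLength))
+throw GracefulException.BadRequest($"Profile must not contain any fields with a name exceeding {Constants.MaxProfileFieldNameLength} characters");
+if (user.UserProfile.Fields.Any(p => p.Value.Length > Constants.MaxProfileFieldValueLength))
+throw GracefulException.BadRequest($"Profile must not contain any fields with a value exceeding {Constants.MaxProfileFieldValueLength} characters");
+// @formatter:on
 
 user.DisplayName = user.DisplayName?.ReplaceLineEndings("\n").Trim();
 user.UserProfile.Description = user.UserProfile.Description?.ReplaceLineEndings("\n").Trim();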
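Review bot: In the remote-actor hunk the value length limit is applied only after `MfmConverter.FromHtml(p.Value)` has run, and `.Take(Constants.MaxProfileFields)` counts only fields that pass it, so an actor document with many or very large attachments still has each field converted before it is dropped. The name is not transformed, so its bound can move into the first filter: `.Where(p => p is { Name.Length: > 0 and <= Constants.MaxProfileFieldNameLength, Value.Length: > 0 })`. A cap on the raw HTML length and on the number of attachments examined, placed before the `Select`, would bound the conversion work as well; the right raw-HTML cap is a project decision, since the markup is normally longer than the resulting MFM. The first filter also tests the HTML for emptiness rather than the converted text, so a field whose markup converts to an empty string presumably still gets stored. Both enclosing methods start and end outside the hunks shown.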