			Check for invalid characters
							parent
							
								
									d0d3d85108
								
							
						
					
					
						commit
						511f5cf192
					
				|  | @ -164,6 +164,7 @@ from shares import getSharesFeedForPerson | |||
| from shares import addShare | ||||
| from shares import removeShare | ||||
| from shares import expireShares | ||||
| from utils import containsInvalidChars | ||||
| from utils import isSystemAccount | ||||
| from utils import setConfigParam | ||||
| from utils import getConfigParam | ||||
|  | @ -11759,6 +11760,11 @@ class PubServer(BaseHTTPRequestHandler): | |||
|                 self.server.POSTbusy = False | ||||
|                 return | ||||
| 
 | ||||
|         if containsInvalidChars(messageBytes.decode("utf-8")): | ||||
|             self._400() | ||||
|             self.server.POSTbusy = False | ||||
|             return | ||||
| 
 | ||||
|         # convert the raw bytes to json | ||||
|         messageJson = json.loads(messageBytes) | ||||
| 
 | ||||
|  |  | |||
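Review bot: `messageBytes.decode("utf-8")` in the new check inside `PubServer` can raise `UnicodeDecodeError` on a malformed request body, and nothing visible in the hunk catches it. In that case the handler would exit without the `self._400()` / `self.server.POSTbusy = False` pair that the other early-exit paths here use. Wrapping the decode in `try: ... except UnicodeDecodeError:` and taking the same 400 path would keep the busy flag consistent. The check also runs on the raw JSON text before `json.loads`, so a character written as a JSON `\uXXXX` escape is only decoded after the check has passed; running it on the parsed values, for example on `json.dumps(messageJson, ensure_ascii=False)`, would cover that form too. The enclosing method starts and ends outside the hunk.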
							
								
								
									
										13
									
								
								utils.py
								
								
								
								
							
							
						
						
									
								
								
								
								
							|  | @ -273,6 +273,19 @@ def isEvil(domain: str) -> bool: | |||
|     return False | ||||
| 
 | ||||
| 
 | ||||
| def containsInvalidChars(jsonStr: str) -> bool: | ||||
|     """Does the given json string contain invalid characters? | ||||
|     e.g. dubious clacks/admin dogwhistles | ||||
|     """ | ||||
|     invalidStrings = { | ||||
|         '卐', '卍', '࿕', '࿖', '࿗', '࿘' | ||||
|     } | ||||
|     for isInvalid in invalidStrings: | ||||
|         if isInvalid in jsonStr: | ||||
|             return True | ||||
|     return False | ||||
| 
 | ||||
| 
 | ||||
| def createPersonDir(nickname: str, domain: str, baseDir: str, | ||||
|                     dirname: str) -> str: | ||||
|     """Create a directory for a person | ||||
|  |  | |||
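Review bot: The docstring of `containsInvalidChars` does not say what counts as invalid, and the loop variable `isInvalid` reads like a boolean although it holds one of the blocked strings. I would state the contract, e.g. `"""Return True if jsonStr contains any blocked symbol (U+5350, U+534D, U+0FD5 to U+0FD8)."""`, and add that the match is an exact substring test on the text as given, so it only sees characters literally present in the string. The body can then be `return any(sym in jsonStr for sym in invalidStrings)`, with the set hoisted to a module-level constant so it is not rebuilt on every call.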