add icon sanitisation

This commit is contained in:
Howl 2016-11-23 20:19:11 +01:00
parent 8dc5af9406
commit b0c4eb24e5
2 changed files with 34 additions and 3 deletions

View File

@ -1,6 +1,11 @@
package v1 package v1
import "git.zxq.co/ripple/rippleapi/common" import (
"strings"
"git.zxq.co/ripple/rippleapi/common"
"git.zxq.co/ripple/semantic-icons-ugc"
)
type donorInfoResponse struct { type donorInfoResponse struct {
common.ResponseBase common.ResponseBase
@ -61,7 +66,13 @@ func UsersSelfSettingsPOST(md common.MethodData) common.CodeMessager {
// input sanitisation // input sanitisation
d.UsernameAKA = common.SanitiseString(d.UsernameAKA) d.UsernameAKA = common.SanitiseString(d.UsernameAKA)
if md.User.UserPrivileges&common.UserPrivilegeDonor > 0 {
d.CustomBadge.Name = common.SanitiseString(d.CustomBadge.Name) d.CustomBadge.Name = common.SanitiseString(d.CustomBadge.Name)
d.CustomBadge.Icon = sanitiseIconName(d.CustomBadge.Icon)
} else {
d.CustomBadge.singleBadge = singleBadge{}
d.CustomBadge.Show = nil
}
d.FavouriteMode = intPtrIn(0, d.FavouriteMode, 3) d.FavouriteMode = intPtrIn(0, d.FavouriteMode, 3)
q := new(common.UpdateQuery). q := new(common.UpdateQuery).
@ -79,6 +90,26 @@ func UsersSelfSettingsPOST(md common.MethodData) common.CodeMessager {
return UsersSelfSettingsGET(md) return UsersSelfSettingsGET(md)
} }
func sanitiseIconName(s string) string {
classes := strings.Split(s, " ")
n := make([]string, 0, len(classes))
for _, c := range classes {
if !in(c, n) && in(c, semanticiconsugc.SaneIcons) {
n = append(n, c)
}
}
return strings.Join(n, " ")
}
func in(a string, b []string) bool {
for _, x := range b {
if x == a {
return true
}
}
return false
}
type userSettingsResponse struct { type userSettingsResponse struct {
common.ResponseBase common.ResponseBase
ID int `json:"id"` ID int `json:"id"`

View File

@ -8,7 +8,7 @@ import (
func SanitiseString(s string) string { func SanitiseString(s string) string {
n := make([]rune, 0, len(s)) n := make([]rune, 0, len(s))
for _, c := range s { for _, c := range s {
if !unicode.Is(unicode.Other, c) { if c == '\n' || !unicode.Is(unicode.Other, c) {
n = append(n, c) n = append(n, c)
} }
} }