app = Flask(__name__)
app.secret_key = "dev"
+app.config["MAX_CONTENT_LENGTH"] = 50 * 1024 * 1024
@app.route("/")
def index():
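Review bot: The added `MAX_CONTENT_LENGTH` line carries no comment on its unit or rationale, and no handler for the 413 response Flask returns on an oversized body is visible here. A short comment such as `# Reject request bodies over 50 MiB (uploads and form fields combined)` would document the intent, and a 413 error handler would give users a readable message. Separately, the context line above sets `app.secret_key = "dev"`, which signs the session cookie that carries the flash messages used throughout this change. That line is not part of this commit, but the key should come from configuration rather than a literal before deployment.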
elif len(username) < 3:
flash("Username must be at least 3 characters", "error")
error = True
+ elif len(username) > 30:
+ flash("Username cannot be more than 30 characters", "error")
+ error = True
elif password != password_confirm:
flash("Passwords do not match", "error")
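Review bot: No server-side password length check is visible in this validation chain, although the templates in this change add `maxlength="100"` to the password fields. Browser attributes are advisory and can be bypassed by any client that posts directly, so the limit should be enforced here too, for example `elif len(password) > 100:` followed by a flash and `error = True`, mirroring the new username branch. The chain starts and continues outside this hunk, so such a check may already exist out of view.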
query_db("insert into users (username, password, created) values (?, ?, ?)", [username, password, timestamp])
get_db().commit()
- return render_template("login.html", note="User created. Sign in to continue")
+ flash("User created. Please sign in to continue.", "success")
+
+ return redirect("/login")
@app.get("/login")
def login_get():
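Review bot: The new `return redirect("/login")` hard-codes the path; `return redirect(url_for("login_get"))` would keep the redirect tied to the endpoint shown in the context below, assuming `url_for` is imported in this file. The context line above passes `password` straight into the insert. Any hashing step is outside this hunk, so confirm that the stored value is a password hash and not the raw form value.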
if not title.isprintable():
flash(f"'{title}' is not a valid song title", "error")
error = True
+ elif len(title) > 80:
+ flash(f"Title cannot be more than 80 characters", "error")
+ error = True
# Check if description is valid
if not description.isprintable():
flash(f"Description contains invalid characters", "error")
error = True
+ elif len(description) > 10_000:
+ flash(f"Description cannot be more than 10k characters", "error")
+ error = True
# Check if tags are valid
tags = request.form["tags"]
tags = [t.strip() for t in tags.split(",")]
for tag in tags:
- if not tag.isprintable():
+ if not tag.isprintable() or len(tag) > 30:
flash(f"'{tag}' is not a valid tag name", "error")
error = True
collaborators = request.form["collabs"]
collaborators = [c.strip() for c in collaborators.split(",")]
for collab in collaborators:
- if not collab.isprintable():
+ if not collab.isprintable() or len(collab) > 31:
flash(f"'{collab}' is not a valid collaborator name", "error")
error = True
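Review bot: Nothing visible limits how many tags or collaborators the comma-split lists may contain. The new checks cap only each item's length (30 and 31 characters), and the `maxlength="350"` added to the upload form is enforced only by the browser. Consider rejecting the form when `len(tags)` or `len(collaborators)` exceeds a fixed count before the loops run. The 31 for collaborators differs from the 30-character username limit, presumably to allow a leading `@`; a comment such as `# 30-character username plus optional leading "@"` would make that intent checkable. The new title and description messages use an `f` prefix with no placeholders, which can be dropped. The enclosing function starts and ends outside this hunk.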
</div>
<div class="upload-form">
<label for="title">Title</label>
- <input type="text" name="title" id="song-title" value="{{ song.title }}" required>
+ <input type="text" name="title" id="song-title" value="{{ song.title }}" maxlength="80" required>
</div>
<div class="upload-form">
<label for="description">Description</label>
- <textarea name="description">{{ song.description }}</textarea>
+ <textarea name="description" maxlength="10000">{{ song.description }}</textarea>
</div>
<div class="upload-form">
<label for="tags">Tags</label>
- <input type="text" name="tags" placeholder="country, extratone, vocals, ..." value="{{ ", ".join(song.tags) }}">
+ <input type="text" name="tags" placeholder="country, extratone, vocals, ..." value="{{ ", ".join(song.tags) }}" maxlength="350">
</div>
<div class="upload-form">
<label for="collabs">Collaborators</label>
- <input type="text" name="collabs" placeholder="@fren_user, John Doe, ..." value="{{ ", ".join(song.collaborators) }}">
+ <input type="text" name="collabs" placeholder="@fren_user, John Doe, ..." value="{{ ", ".join(song.collaborators) }}" maxlength="350">
</div>
<div class="upload-form">
<input type="submit" value="Upload">
<form method="post" action="/login">
<div class="login-form">
<label for="username">Username</label>
- <input type="text" name="username" required></input>
+ <input type="text" name="username" maxlength="30" required></input>
</div>
<div class="login-form">
<label for="password">Password</label>
- <input type="password" name="password" required></input>
+ <input type="password" name="password" maxlength="100" required></input>
</div>
<div class="login-form">
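Review bot: Adding `maxlength="30"` and `maxlength="100"` to the login form can lock out accounts created before this commit, when no such limits applied. A user whose existing username or password is longer could no longer type it in full. Whether any such accounts exist cannot be seen from here. If they might, leave the login inputs unbounded (the request-size cap still applies) and enforce the limits only at signup.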
<h2> Edit Bio </h2>
<p>Common HTML tags (<a>, <b>, <i>, <img>, etc.) are allowed.</p>
<div class="profile-edit">
- <textarea name="bio">{{ bio }}</textarea>
+ <textarea name="bio" maxlength="10000">{{ bio }}</textarea>
</div>
<div class="profile-edit">
<a href="javascript:hideEditForm();">Cancel</a>
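Review bot: The `maxlength="10000"` on the bio textarea has no server-side counterpart in the visible hunks, so the limit binds only clients that honour the attribute. The handler that stores the bio should apply the same `len(bio) > 10_000` check that this commit adds for song descriptions. The paragraph above states that HTML tags are allowed in the bio, so that handler is also where the allowed-tag filtering should be confirmed.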
<form method="post">
<div class="signup-form">
<label for="username">Username</label>
- <input type="text" name="username" required></input>
+ <input type="text" name="username" maxlength="30"required></input>
</div>
<div class="signup-form">
<label for="password">Password</label>
- <input type="password" name="password" required></input>
+ <input type="password" name="password" maxlength="100" required></input>
</div>
<div class="signup-form">
<label for="password_confirm">Confirm Password</label>
- <input type="password" name="password_confirm" required></input>
+ <input type="password" name="password_confirm" maxlength="100" required></input>
</div>
<div class="signup-form">
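Review bot: The added username input reads `maxlength="30"required`, with no whitespace between the two attributes. Browsers generally recover from this, but it is a markup error and stricter template linters will reject it. It should be `<input type="text" name="username" maxlength="30" required></input>`, matching the login form.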