From: Chris Fulljames Date: Sun, 12 Jan 2025 21:05:49 +0000 (-0500) Subject: Add input limits X-Git-Url: https://littlesong.place/gitweb/gitweb.cgi?a=commitdiff_plain;h=89d4abdd8774d1492cc5c711639ed747162c65a3;p=littlesongplace.git Add input limits --- diff --git a/main.py b/main.py index b3d0ba6..f1ac7da 100644 --- a/main.py +++ b/main.py @@ -26,6 +26,7 @@ DATA_DIR = Path(".") app = Flask(__name__) app.secret_key = "dev" +app.config["MAX_CONTENT_LENGTH"] = 50 * 1024 * 1024 @app.route("/") def index(): @@ -49,6 +50,9 @@ def signup_post(): elif len(username) < 3: flash("Username must be at least 3 characters", "error") error = True + elif len(username) > 30: + flash("Username cannot be more than 30 characters", "error") + error = True elif password != password_confirm: flash("Passwords do not match", "error") @@ -69,7 +73,9 @@ def signup_post(): query_db("insert into users (username, password, created) values (?, ?, ?)", [username, password, timestamp]) get_db().commit() - return render_template("login.html", note="User created. Sign in to continue") + flash("User created. Please sign in to continue.", "success") + + return redirect("/login") @app.get("/login") def login_get(): @@ -218,17 +224,23 @@ def validate_song_form(): if not title.isprintable(): flash(f"'{title}' is not a valid song title", "error") error = True + elif len(title) > 80: + flash(f"Title cannot be more than 80 characters", "error") + error = True # Check if description is valid if not description.isprintable(): flash(f"Description contains invalid characters", "error") error = True + elif len(description) > 10_000: + flash(f"Description cannot be more than 10k characters", "error") + error = True # Check if tags are valid tags = request.form["tags"] tags = [t.strip() for t in tags.split(",")] for tag in tags: - if not tag.isprintable(): + if not tag.isprintable() or len(tag) > 30: flash(f"'{tag}' is not a valid tag name", "error") error = True 
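Review bot: The new `app.config["MAX_CONTENT_LENGTH"] = 50 * 1024 * 1024` cap has no matching 413 handler in the visible lines, so an oversized request gets Werkzeug's default `RequestEntityTooLarge` response instead of a flashed error like the other limits in this commit. Unless one is registered outside this hunk, consider an `@app.errorhandler(413)` view that flashes a message and redirects back to the form. Separately, the context line `app.secret_key = "dev"` signs session cookies with a guessable key; if it is not overridden elsewhere, load it from the environment or a secrets file before deployment.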
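Review bot: The signup checks now bound the username, but the visible `elif` chain still puts no upper bound on `password`, so a request can carry a password of any size up to the new 50 MiB body cap. Long inputs are expensive to hash, and some password-hashing schemes truncate or reject them, so a cap next to the new username check would help, e.g. `elif len(password) > 128:` with its own flash message (128 is a constructed value; choose one that fits the hash in use). signup_post continues outside the hunk, so such a check may already exist there.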
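Review bot: `return redirect("/login")` hard-codes the path. `return redirect(url_for("login_get"))` keeps the redirect correct if the route is renamed or the app is served under a URL prefix; `login_get` is the view name in the context line, and `url_for` needs importing if the file does not already have it. The new `"success"` flash category also depends on login.html rendering flashed messages by category, which this hunk does not show.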
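Review bot: The new tag check `not tag.isprintable() or len(tag) > 30` echoes the rejected value back through `flash(f"'{tag}' is not a valid tag name", "error")`, so an over-long tag is copied whole into the flashed message. With Flask's default cookie-backed session, that can push the session cookie past browser size limits, so the message or the session is lost. The collaborator check in the next hunk has the same shape. Flash a fixed message for the length case, e.g. `flash("Tag cannot be more than 30 characters", "error")`, or truncate the echoed value. The number of comma-separated tags and collaborators is also uncapped in the visible lines, and validate_song_form starts and ends outside the hunk.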
@@ -236,7 +248,7 @@ def validate_song_form(): collaborators = request.form["collabs"] collaborators = [c.strip() for c in collaborators.split(",")] for collab in collaborators: - if not collab.isprintable(): + if not collab.isprintable() or len(collab) > 31: flash(f"'{collab}' is not a valid collaborator name", "error") error = True diff --git a/templates/edit-song.html b/templates/edit-song.html index d43068b..e935e62 100644 --- a/templates/edit-song.html +++ b/templates/edit-song.html @@ -16,19 +16,19 @@
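Review bot: The collaborator limit `len(collab) > 31` differs from the 30-character username limit added in signup_post, and nothing on the line says why. If the extra character allows for a one-character prefix on the name, a comment such as `# 30-char username plus one prefix character` would make that explicit; otherwise the two limits should probably match. Defining the username limit once as a module-level constant and using it in both checks would keep them from drifting apart. The loop sits inside validate_song_form, which extends outside the hunk.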
- +
- +
- +
- +
diff --git a/templates/login.html b/templates/login.html index 5d72bc8..9f65f99 100644 --- a/templates/login.html +++ b/templates/login.html @@ -13,12 +13,12 @@