From d36f250e8ce96cc134f79c2c69838a0a420b0807 Mon Sep 17 00:00:00 2001
From: Trevor Slocum
Date: Thu, 28 Jan 2021 15:03:30 -0800
Subject: [PATCH] Add maximum field length settings
Resolves #166.
---
 imgboard.php | 13 ++++++++++++-
 inc/defines.php | 12 ++++++++++++
 inc/functions.php | 4 ++--
 inc/html.php | 30 ++++++++++++++++++++++++++----
 settings.default.php | 4 ++++
 5 files changed, 56 insertions(+), 7 deletions(-)
diff --git a/imgboard.php b/imgboard.php
index d3d59f5..99bab4f 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -230,9 +230,11 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 if (!$loggedin) {
 checkCAPTCHA(TINYIB_CAPTCHA);
 checkBanned();
- checkMessageSize();
 checkFlood();
 }
+ if (!$rawpost) {
+ checkMessageSize();
+ }
 $post = newPost(setParent());
 $hide_fields = $post['parent'] == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields;
@@ -250,12 +252,21 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 if ($rawpost || !in_array('name', $hide_fields)) {
 list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
 $post['name'] = cleanString(substr($post['name'], 0, 75));
+ if (!$rawpost && TINYIB_MAXNAME > 0) {
+ $post['name'] = substr($post['name'], 0, TINYIB_MAXNAME);
+ }
 }
 if ($rawpost || !in_array('email', $hide_fields)) {
 $post['email'] = cleanString(str_replace('"', '"', substr($_POST['email'], 0, 75)));
+ if (!$rawpost && TINYIB_MAXEMAIL > 0) {
+ $post['email'] = substr($post['email'], 0, TINYIB_MAXEMAIL);
+ }
 }
 if ($rawpost || !in_array('subject', $hide_fields)) {
 $post['subject'] = cleanString(substr($_POST['subject'], 0, 75));
+ if (!$rawpost && TINYIB_MAXSUBJECT > 0) {
+ $post['subject'] = substr($post['subject'], 0, TINYIB_MAXSUBJECT);
+ }
 }
 if ($rawpost || !in_array('message', $hide_fields)) {
 $post['message'] = $_POST['message'];
diff --git a/inc/defines.php b/inc/defines.php
index 30a29c9..bbe4645 100644
--- a/inc/defines.php
+++ b/inc/defines.php
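Review bot: With `checkMessageSize()` moved out of the `!$loggedin` block in the first imgboard.php hunk, `$rawpost` becomes the only switch that skips the message length check, and its assignment is outside this hunk. It is worth confirming that `$rawpost` can only be true for an authenticated staff session and is never derived from the request alone. A short comment above the new block would record the intent, for example `// Raw posts skip TINYIB_MAXMESSAGE; $rawpost must only be set for logged-in staff`. The enclosing `if` starts before the hunk and continues after it.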
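Review bot: In the second imgboard.php hunk the configured limits are applied after the existing `substr(..., 0, 75)` calls, so the default TINYIB_MAXEMAIL of 320, any name or subject limit above 75, and the documented `0 to disable` can never take effect; the value is already cut to 75 bytes. The added `substr()` also runs on the output of `cleanString()`; if that helper escapes HTML (its body is not shown here), the cut can land inside an entity, and a byte-wise `substr()` can split a multi-byte character. Truncating the raw input once, before `cleanString()`, avoids both, e.g. `$subject = $_POST['subject']; if (!$rawpost && TINYIB_MAXSUBJECT > 0) { $subject = substr($subject, 0, TINYIB_MAXSUBJECT); }` followed by `$post['subject'] = cleanString($subject);`, provided the database columns accept the longer values. The same applies to the name and email blocks, and the settings.default.php comments should match whatever behaviour is kept.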
@@ -19,6 +19,18 @@ if (!defined('TINYIB_INDEX')) {
 if (!defined('TINYIB_MAXREPLIES')) {
 define('TINYIB_MAXREPLIES', 0);
 }
+if (!defined('TINYIB_MAXNAME')) {
+ define('TINYIB_MAXNAME', 75);
+}
+if (!defined('TINYIB_MAXEMAIL')) {
+ define('TINYIB_MAXEMAIL', 320);
+}
+if (!defined('TINYIB_MAXSUBJECT')) {
+ define('TINYIB_MAXSUBJECT', 75);
+}
+if (!defined('TINYIB_MAXMESSAGE')) {
+ define('TINYIB_MAXMESSAGE', 8000);
+}
 if (!defined('TINYIB_MAXWOP')) {
 define('TINYIB_MAXWOP', TINYIB_MAXW);
 }
diff --git a/inc/functions.php b/inc/functions.php
index 185e192..0bb911b 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -307,8 +307,8 @@ function checkFlood() {
 }
 function checkMessageSize() {
- if (strlen($_POST["message"]) > 8000) {
- fancyDie(sprintf(__('Please shorten your message, or post it in multiple parts. Your message is %1$d characters long, and the maximum allowed is %2$d.'), strlen($_POST["message"]), 8000));
+ if (TINYIB_MAXMESSAGE > 0 && strlen($_POST['message']) > TINYIB_MAXMESSAGE) {
+ fancyDie(sprintf(__('Please shorten your message, or post it in multiple parts. Your message is %1$d characters long, and the maximum allowed is %2$d.'), strlen($_POST['message']), TINYIB_MAXMESSAGE));
 }
 }
diff --git a/inc/html.php b/inc/html.php
index f6b71ae..b98ea85 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -91,6 +91,23 @@ function buildPostForm($parent, $raw_post = false) {
 $form_extra = '';
 $input_extra = '';
 $rules_extra = '';
+
+ $maxlen_name = -1;
+ $maxlen_email = -1;
+ $maxlen_subject = -1;
+ $maxlen_message = -1;
+ if (TINYIB_MAXNAME > 0) {
+ $maxlen_name = TINYIB_MAXNAME;
+ }
+ if (TINYIB_MAXEMAIL > 0) {
+ $maxlen_email = TINYIB_MAXEMAIL;
+ }
+ if (TINYIB_MAXSUBJECT > 0) {
+ $maxlen_subject = TINYIB_MAXSUBJECT;
+ }
+ if (TINYIB_MAXMESSAGE > 0) {
+ $maxlen_message = TINYIB_MAXMESSAGE;
+ }
 if ($raw_post) {
 $txt_reply_to = __('Reply to');
 $txt_new_thread = __('0 to start a new thread');
@@ -115,6 +132,11 @@ EOF;
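Review bot: `checkMessageSize()` in inc/functions.php passes `$_POST['message']` straight to `strlen()`, so a request where `message` is missing or is not a string is not handled by this check; depending on the PHP version that is a warning with the comparison evaluating false, or a TypeError. Normalising first keeps the limit meaningful, e.g. `$message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';` and then measuring `$message`. `strlen()` also counts bytes while the error text reports characters, so multi-byte posts reach the limit earlier than the message states; the setting comment could say bytes. With `TINYIB_MAXMESSAGE` set to 0 the only remaining bound is the PHP request size limit, which deserves a mention next to the setting.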
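Review bot: The `-1` sentinel given to the four `$maxlen_*` variables in `buildPostForm()` presumably ends up in the `maxlength` attributes of the form inputs (those lines are not legible on this page); `maxlength` must be a non-negative integer, so `-1` is invalid markup that browsers merely ignore. Building the attribute only when a limit is set is cleaner, e.g. `$maxlen_name = TINYIB_MAXNAME > 0 ? ' maxlength="' . (int) TINYIB_MAXNAME . '"' : '';`, and the same form removes the second reset block in the raw-post branch. The attribute is only a browser-side hint, so the values advertised here should match what imgboard.php enforces on the server. `buildPostForm()` starts before the hunk and continues after it.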
  • $txt_info_2

  • EOF; + + $maxlen_name = -1; + $maxlen_email = -1; + $maxlen_subject = -1; + $maxlen_message = -1; } $max_file_size_input_html = ''; @@ -241,7 +263,7 @@ EOF; $txt_name - + {$postform_extra['name']} @@ -255,7 +277,7 @@ EOF; $txt_email - + {$postform_extra['email']} @@ -269,7 +291,7 @@ EOF; $txt_subject - + {$postform_extra['subject']} @@ -283,7 +305,7 @@ EOF; $txt_message - + EOF; diff --git a/settings.default.php b/settings.default.php index 9368de5..9a0bdec 100644 --- a/settings.default.php +++ b/settings.default.php @@ -47,6 +47,10 @@ $tinyib_capcodes = array(array('Admin', 'red'), array('Mod', 'purple')); // Admi define('TINYIB_DELAY', 30); // Delay (in seconds) between posts from the same IP address to help control flooding [0 to disable] define('TINYIB_MAXTHREADS', 100); // Oldest threads are discarded when the thread count passes this limit [0 to disable] define('TINYIB_MAXREPLIES', 0); // Maximum replies before a thread stops bumping [0 to disable] +define('TINYIB_MAXNAME', 75); // Maximum name length [0 to disable] +define('TINYIB_MAXEMAIL', 320); // Maximum email length [0 to disable] +define('TINYIB_MAXSUBJECT', 75); // Maximum subject length [0 to disable] +define('TINYIB_MAXMESSAGE', 8000); // Maximum message length [0 to disable] // Upload types // Empty array to disable