Add maximum field length settings

Resolves #166.

imgboard.php

@@ -230,9 +230,11 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 	if (!$loggedin) {
 		checkCAPTCHA(TINYIB_CAPTCHA);
 		checkBanned();
-		checkMessageSize();
 		checkFlood();
 	}
+	if (!$rawpost) {
+		checkMessageSize();
+	}
 
 	$post = newPost(setParent());
 	$hide_fields = $post['parent'] == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields;
@@ -250,12 +252,21 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 	if ($rawpost || !in_array('name', $hide_fields)) {
 		list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
 		$post['name'] = cleanString(substr($post['name'], 0, 75));
+		if (!$rawpost && TINYIB_MAXNAME > 0) {
+			$post['name'] = substr($post['name'], 0, TINYIB_MAXNAME);
+		}
 	}
 	if ($rawpost || !in_array('email', $hide_fields)) {
 		$post['email'] = cleanString(str_replace('"', '"', substr($_POST['email'], 0, 75)));
+		if (!$rawpost && TINYIB_MAXEMAIL > 0) {
+			$post['email'] = substr($post['email'], 0, TINYIB_MAXEMAIL);
+		}
 	}
 	if ($rawpost || !in_array('subject', $hide_fields)) {
 		$post['subject'] = cleanString(substr($_POST['subject'], 0, 75));
+		if (!$rawpost && TINYIB_MAXSUBJECT > 0) {
+			$post['subject'] = substr($post['subject'], 0, TINYIB_MAXSUBJECT);
+		}
 	}
 	if ($rawpost || !in_array('message', $hide_fields)) {
 		$post['message'] = $_POST['message'];

inc/defines.php

@@ -19,6 +19,18 @@ if (!defined('TINYIB_INDEX')) {
 if (!defined('TINYIB_MAXREPLIES')) {
 	define('TINYIB_MAXREPLIES', 0);
 }
+if (!defined('TINYIB_MAXNAME')) {
+	define('TINYIB_MAXNAME', 75);
+}
+if (!defined('TINYIB_MAXEMAIL')) {
+	define('TINYIB_MAXEMAIL', 320);
+}
+if (!defined('TINYIB_MAXSUBJECT')) {
+	define('TINYIB_MAXSUBJECT', 75);
+}
+if (!defined('TINYIB_MAXMESSAGE')) {
+	define('TINYIB_MAXMESSAGE', 8000);
+}
 if (!defined('TINYIB_MAXWOP')) {
 	define('TINYIB_MAXWOP', TINYIB_MAXW);
 }

inc/functions.php

@@ -307,8 +307,8 @@ function checkFlood() {
 }
 
 function checkMessageSize() {
-	if (strlen($_POST["message"]) > 8000) {
-		fancyDie(sprintf(__('Please shorten your message, or post it in multiple parts. Your message is %1$d characters long, and the maximum allowed is %2$d.'), strlen($_POST["message"]), 8000));
+	if (TINYIB_MAXMESSAGE > 0 && strlen($_POST['message']) > TINYIB_MAXMESSAGE) {
+		fancyDie(sprintf(__('Please shorten your message, or post it in multiple parts. Your message is %1$d characters long, and the maximum allowed is %2$d.'), strlen($_POST['message']), TINYIB_MAXMESSAGE));
 	}
 }
 

inc/html.php

@@ -91,6 +91,23 @@ function buildPostForm($parent, $raw_post = false) {
 	$form_extra = '<input type="hidden" name="parent" value="' . $parent . '">';
 	$input_extra = '';
 	$rules_extra = '';
+
+	$maxlen_name = -1;
+	$maxlen_email = -1;
+	$maxlen_subject = -1;
+	$maxlen_message = -1;
+	if (TINYIB_MAXNAME > 0) {
+		$maxlen_name = TINYIB_MAXNAME;
+	}
+	if (TINYIB_MAXEMAIL > 0) {
+		$maxlen_email = TINYIB_MAXEMAIL;
+	}
+	if (TINYIB_MAXSUBJECT > 0) {
+		$maxlen_subject = TINYIB_MAXSUBJECT;
+	}
+	if (TINYIB_MAXMESSAGE > 0) {
+		$maxlen_message = TINYIB_MAXMESSAGE;
+	}
 	if ($raw_post) {
 		$txt_reply_to = __('Reply to');
 		$txt_new_thread = __('0 to start a new thread');
@@ -115,6 +132,11 @@ EOF;
 								<li>$txt_info_2</li>
 							</ul><br>
 EOF;
+
+		$maxlen_name = -1;
+		$maxlen_email = -1;
+		$maxlen_subject = -1;
+		$maxlen_message = -1;
 	}
 
 	$max_file_size_input_html = '';
@@ -241,7 +263,7 @@ EOF;
 							$txt_name
 						</td>
 						<td>
-							<input type="text" name="name" size="28" maxlength="75" accesskey="n">
+							<input type="text" name="name" size="28" maxlength="{$maxlen_name}" accesskey="n">
 							{$postform_extra['name']}
 						</td>
 					</tr>
@@ -255,7 +277,7 @@ EOF;
 							$txt_email
 						</td>
 						<td>
-							<input type="text" name="email" size="28" maxlength="75" accesskey="e">
+							<input type="text" name="email" size="28" maxlength="{$maxlen_email}" accesskey="e">
 							{$postform_extra['email']}
 						</td>
 					</tr>
@@ -269,7 +291,7 @@ EOF;
 							$txt_subject
 						</td>
 						<td>
-							<input type="text" name="subject" size="40" maxlength="75" accesskey="s" autocomplete="off">
+							<input type="text" name="subject" size="40" maxlength="{$maxlen_subject}" accesskey="s" autocomplete="off">
 							{$postform_extra['subject']}
 						</td>
 					</tr>
@@ -283,7 +305,7 @@ EOF;
 							$txt_message
 						</td>
 						<td>
-							<textarea id="message" name="message" cols="48" rows="4" accesskey="m"></textarea>
+							<textarea id="message" name="message" cols="48" rows="4" maxlength="{$maxlen_message}" accesskey="m"></textarea>
 						</td>
 					</tr>
 EOF;

settings.default.php

@@ -47,6 +47,10 @@ $tinyib_capcodes = array(array('Admin', 'red'), array('Mod', 'purple')); // Admi
 define('TINYIB_DELAY', 30);           // Delay (in seconds) between posts from the same IP address to help control flooding  [0 to disable]
 define('TINYIB_MAXTHREADS', 100);     // Oldest threads are discarded when the thread count passes this limit  [0 to disable]
 define('TINYIB_MAXREPLIES', 0);       // Maximum replies before a thread stops bumping  [0 to disable]
+define('TINYIB_MAXNAME', 75);         // Maximum name length  [0 to disable]
+define('TINYIB_MAXEMAIL', 320);       // Maximum email length  [0 to disable]
+define('TINYIB_MAXSUBJECT', 75);      // Maximum subject length  [0 to disable]
+define('TINYIB_MAXMESSAGE', 8000);    // Maximum message length  [0 to disable]
 
 // Upload types
 //   Empty array to disable