author | alyx <alyx@aleteoryx.me> | 2024-06-01 12:13:48 -0400 |
committer | alyx <alyx@aleteoryx.me> | 2024-06-01 12:13:48 -0400 |
commit | 083daccecbc2c4b60f8726d39c337e38836e15a7 (patch) | |
tree | b098d47ebf292f1ae23814554676bc5f93e5a848 | |
parent | 14e8b1d3f2ce600e6cb5d39c8e503a11494aa757 (diff) | |
add message length caps
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | visitors.php | 25 |
2 files changed, 21 insertions, 5 deletions
@@ -5,3 +5,4 @@
*.db
*.json
*.jsonl
+*.swp
diff --git a/visitors.php b/visitors.php
index 850cefb..b4648ca 100644
--- a/visitors.php
+++ b/visitors.php
@@ -135,6 +135,12 @@
$config['message_rows'] = 5;
$config['message_cols'] = 60;
+// Message length limit: int // // Caps the length of the message.
+
+$config['message_length'] = 2048;
+
// Form prompt: string // // Text for a header above the form
@@ -525,6 +531,15 @@ function cleanup_post() {
}
$_POST['name'] = htmlentities($_POST['name']);
$_POST['message'] = htmlentities($_POST['message']);
+
+ if (mb_strlen($_POST['name']) > 128) return 'Name too long!';
+ if (mb_strlen($_POST['message']) > $config['message_length']) return 'Message too long!';
+ if (mb_strlen($_POST['website']) > 2048) return 'Website too long!';
+ if (mb_strlen($_POST['email']) > 2048) return 'Email too long!';
}
$form_error;
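Review bot: The four length checks added to cleanup_post run after `htmlentities()` has already expanded `name` and `message`, so they cap the entity-encoded length rather than what the visitor typed — a message of exactly `$config['message_length']` characters that the browser's `maxlength` accepts is rejected server-side as soon as it contains `&`, `<` or quotes, and the effective bound on raw input differs per field. Moving the four `if (mb_strlen(...) > ...) return ...;` lines above the two `htmlentities()` calls makes the server cap agree with the client cap and measures the untrusted input directly. `$config` is read inside the function body but no `global $config;` is visible in the hunk; cleanup_post opens outside it, and if the function does not import `$config` earlier, `$config['message_length']` resolves to null with a warning and the comparison `mb_strlen(...) > null` is true for every non-empty message. `$_POST['website']` and `$_POST['email']` are also measured unconditionally, although the form only submits them in some `form_mode` values and submits `site-or-email` in mode 3, which gets a client-side `maxlength` in the later hunk but no server-side check here — if earlier code does not normalise those keys, a missing index produces a warning and `mb_strlen(null)` instead of a rejection.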
@@ -592,20 +607,20 @@ function render_form() {
<div id=submission_error><span><?= $form_error ?></span></div>
<?php endif; ?>
- <label for=name>Name:</label> <input type=text placeholder='Alice P. Hacker' name=name required /><br />
+ <label for=name>Name:</label> <input type=text placeholder='Alice P. Hacker' name=name required maxlength=128 /><br />
<?php if ($config['form_mode'] == 1 || $config['form_mode'] == 2): ?>
- <label for=website>Website (optional):</label> <input type=url placeholder='https://example.com' name=website /><br />
+ <label for=website>Website (optional):</label> <input type=url placeholder='https://example.com' name=website maxlength=2048 /><br />
<?php endif; if ($config['form_mode'] == 2): ?>
- <label for=email>E-Mail (optional):</label> <input type=email placeholder='ahacker@example.com' name=email /><br />
+ <label for=email>E-Mail (optional):</label> <input type=email placeholder='ahacker@example.com' name=email maxlength=2048 /><br />
<?php endif; if ($config['form_mode'] == 3): ?>
- <label for=site-or-email>Website or E-Mail (optional):</label> <input type=text pattern='^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$|^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$' placeholder='...' name=site-or-email /><br />
+ <label for=site-or-email>Website or E-Mail (optional):</label> <input type=text pattern='^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$|^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$' placeholder='...' name=site-or-email maxlength=2048 /><br />
<?php endif; ?>
<label for=message>Message:</label><br />
- <textarea name=message placeholder='Write something...' rows="<?= $config['message_rows'] ?>" cols="<?= $config['message_cols'] ?>" required></textarea><br />
+ <textarea name=message placeholder='Write something...' rows="<?= $config['message_rows'] ?>" cols="<?= $config['message_cols'] ?>" required maxlength=<?= $config['message_length'] ?>></textarea><br />
<?php if ($config['captcha']): $captcha = $config['captcha_hook']();