aboutsummaryrefslogtreecommitdiffstats
path: root/visitors.php
diff options
context:
space:
mode:
authoralyx <alyx@aleteoryx.me>2024-06-01 12:13:48 -0400
committeralyx <alyx@aleteoryx.me>2024-06-01 12:13:48 -0400
commit083daccecbc2c4b60f8726d39c337e38836e15a7 (patch)
treeb098d47ebf292f1ae23814554676bc5f93e5a848 /visitors.php
parent14e8b1d3f2ce600e6cb5d39c8e503a11494aa757 (diff)
downloadvisitors_dot_php-083daccecbc2c4b60f8726d39c337e38836e15a7.tar.gz
visitors_dot_php-083daccecbc2c4b60f8726d39c337e38836e15a7.tar.bz2
visitors_dot_php-083daccecbc2c4b60f8726d39c337e38836e15a7.zip
add message length caps
Diffstat (limited to 'visitors.php')
-rw-r--r--visitors.php25
1 files changed, 20 insertions, 5 deletions
diff --git a/visitors.php b/visitors.php
index 850cefb..b4648ca 100644
--- a/visitors.php
+++ b/visitors.php
@@ -135,6 +135,12 @@ $config['message_rows'] = 5;
$config['message_cols'] = 60;
+// Message length limit: int
+//
+// Caps the length of the message.
+
+$config['message_length'] = 2048;
+
// Form prompt: string
//
// Text for a header above the form
@@ -525,6 +531,15 @@ function cleanup_post() {
}
$_POST['name'] = htmlentities($_POST['name']);
$_POST['message'] = htmlentities($_POST['message']);
+
+ if (mb_strlen($_POST['name']) > 128)
+ return 'Name too long!';
+ if (mb_strlen($_POST['message']) > $config['message_length'])
+ return 'Message too long!';
+ if (mb_strlen($_POST['website']) > 2048)
+ return 'Website too long!';
+ if (mb_strlen($_POST['email']) > 2048)
+ return 'Email too long!';
}
$form_error;
@@ -592,20 +607,20 @@ function render_form() {
<div id=submission_error><span><?= $form_error ?></span></div>
<?php endif; ?>
- <label for=name>Name:</label> <input type=text placeholder='Alice P. Hacker' name=name required /><br />
+ <label for=name>Name:</label> <input type=text placeholder='Alice P. Hacker' name=name required maxlength=128 /><br />
<?php if ($config['form_mode'] == 1 || $config['form_mode'] == 2): ?>
- <label for=website>Website (optional):</label> <input type=url placeholder='https://example.com' name=website /><br />
+ <label for=website>Website (optional):</label> <input type=url placeholder='https://example.com' name=website maxlength=2048 /><br />
<?php endif;
if ($config['form_mode'] == 2): ?>
- <label for=email>E-Mail (optional):</label> <input type=email placeholder='ahacker@example.com' name=email /><br />
+ <label for=email>E-Mail (optional):</label> <input type=email placeholder='ahacker@example.com' name=email maxlength=2048 /><br />
<?php endif;
if ($config['form_mode'] == 3): ?>
- <label for=site-or-email>Website or E-Mail (optional):</label> <input type=text pattern='^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$|^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$' placeholder='...' name=site-or-email /><br />
+ <label for=site-or-email>Website or E-Mail (optional):</label> <input type=text pattern='^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$|^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$' placeholder='...' name=site-or-email maxlength=2048 /><br />
<?php endif; ?>
<label for=message>Message:</label><br />
- <textarea name=message placeholder='Write something...' rows="<?= $config['message_rows'] ?>" cols="<?= $config['message_cols'] ?>" required></textarea><br />
+ <textarea name=message placeholder='Write something...' rows="<?= $config['message_rows'] ?>" cols="<?= $config['message_cols'] ?>" required maxlength=<?= $config['message_length'] ?>></textarea><br />
<?php if ($config['captcha']):
$captcha = $config['captcha_hook']();