From 083daccecbc2c4b60f8726d39c337e38836e15a7 Mon Sep 17 00:00:00 2001
From: alyx <alyx@aleteoryx.me>
Date: Sat, 1 Jun 2024 12:13:48 -0400
Subject: add message length caps

---
 .gitignore   |  1 +
 visitors.php | 25 ++++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index c6fd4ee..10f4b34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@
 *.db
 *.json
 *.jsonl
+*.swp
diff --git a/visitors.php b/visitors.php
index 850cefb..b4648ca 100644
--- a/visitors.php
+++ b/visitors.php
@@ -135,6 +135,12 @@ $config['message_rows'] = 5;
 $config['message_cols'] = 60;
 
 
+// Message length limit: int
+//
+// Caps the length of the message.
+
+$config['message_length'] = 2048;
+
 // Form prompt: string
 //
 // Text for a header above the form
@@ -525,6 +531,15 @@ function cleanup_post() {
   }
   $_POST['name'] = htmlentities($_POST['name']);
   $_POST['message'] = htmlentities($_POST['message']);
+
+  if (mb_strlen($_POST['name']) > 128)
+    return 'Name too long!';
+  if (mb_strlen($_POST['message']) > $config['message_length'])
+    return 'Message too long!';
+  if (mb_strlen($_POST['website']) > 2048)
+    return 'Website too long!';
+  if (mb_strlen($_POST['email']) > 2048)
+    return 'Email too long!';
 }
 
 $form_error;
@@ -592,20 +607,20 @@ function render_form() {
       <div id=submission_error><span><?= $form_error ?></span></div>
     <?php endif; ?>
 
-    <label for=name>Name:</label> <input type=text placeholder='Alice P. Hacker' name=name required /><br />
+    <label for=name>Name:</label> <input type=text placeholder='Alice P. Hacker' name=name required maxlength=128 /><br />
 
     <?php if ($config['form_mode'] == 1 || $config['form_mode'] == 2): ?>
-    <label for=website>Website (optional):</label> <input type=url placeholder='https://example.com' name=website /><br />
+    <label for=website>Website (optional):</label> <input type=url placeholder='https://example.com' name=website maxlength=2048 /><br />
     <?php endif;
           if ($config['form_mode'] == 2): ?>
-    <label for=email>E-Mail (optional):</label> <input type=email placeholder='ahacker@example.com' name=email /><br />
+    <label for=email>E-Mail (optional):</label> <input type=email placeholder='ahacker@example.com' name=email maxlength=2048 /><br />
     <?php endif;
           if ($config['form_mode'] == 3): ?>
-    <label for=site-or-email>Website or E-Mail (optional):</label> <input type=text pattern='^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$|^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$' placeholder='...' name=site-or-email /><br />
+    <label for=site-or-email>Website or E-Mail (optional):</label> <input type=text pattern='^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$|^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$' placeholder='...' name=site-or-email maxlength=2048 /><br />
     <?php endif; ?>
 
     <label for=message>Message:</label><br />
-    <textarea name=message placeholder='Write something...' rows="<?= $config['message_rows'] ?>" cols="<?= $config['message_cols'] ?>" required></textarea><br />
+    <textarea name=message placeholder='Write something...' rows="<?= $config['message_rows'] ?>" cols="<?= $config['message_cols'] ?>" required maxlength=<?= $config['message_length'] ?>></textarea><br />
 
     <?php if ($config['captcha']):
             $captcha = $config['captcha_hook']();
-- 
cgit v1.2.3-54-g00ecf