check str input
trim21 committed Aug 25, 2024
1 parent 49ccb81 commit 0edc5cf
Showing 3 changed files with 25 additions and 0 deletions.
11 changes: 11 additions & 0 deletions server/contrib.py
Expand Up @@ -22,6 +22,7 @@
from server.base import AuthorizedRequest, BadRequestException, Request, http_client, pg
from server.model import PatchState, SubjectPatch
from server.router import Router
from server.verify import check_invalid_input_str


router = Router()
Expand Down Expand Up @@ -81,6 +82,8 @@ async def suggest_api(
if not data.reason:
raise ValidationException("missing suggestion description")

check_invalid_input_str(data.name, data.infobox, data.summary, data.reason)

await _validate_captcha(data.cf_turnstile_response)

res = await http_client.get(f"https://next.bgm.tv/p1/wiki/subjects/{subject_id}")
Expand Down Expand Up @@ -200,6 +203,10 @@ async def _(
) -> Response[Any]:
await _validate_captcha(data.cf_turnstile_response)

check_invalid_input_str(
*[x for x in [data.name, data.infobox, data.summary, data.reason] if x is not None]
)

async with pg.acquire() as conn:
async with conn.transaction():
p = await conn.fetchrow(
Expand Down Expand Up @@ -295,6 +302,10 @@ async def creat_episode_patch(
if not data.reason:
raise ValidationException("missing suggestion description")

check_invalid_input_str(
data.name, data.name_cn, data.duration, data.desc, data.airdate, data.reason
)

await _validate_captcha(data.cf_turnstile_response)

res = await http_client.get(f"https://next.bgm.tv/p1/wiki/ep/{episode_id}")
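Review bot: In `creat_episode_patch` the six fields go to `check_invalid_input_str` unfiltered, while the handler `_` in the second hunk drops `None` values first. If any of `name_cn`, `duration`, `desc` or `airdate` is optional on the request model (not visible here), iterating `None` raises `TypeError` and the client gets a 500 instead of a 400. Either apply the same filter, `check_invalid_input_str(*[x for x in (data.name, data.name_cn, data.duration, data.desc, data.airdate, data.reason) if x is not None])`, or have the helper skip `None` so call sites cannot diverge; the same question applies to the unfiltered call in `suggest_api`. The order also differs: `_` validates the captcha before the character check, the other two handlers after it, and a single order throughout would be easier to reason about. All three function bodies start and end outside the hunks shown.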
3 changes: 3 additions & 0 deletions server/review.py
Expand Up @@ -24,6 +24,7 @@
from server.base import AuthorizedRequest, BadRequestException, User, http_client, pg
from server.model import EpisodePatch, PatchState, PatchType, SubjectPatch
from server.router import Router
from server.verify import check_invalid_input_str


router = Router()
Expand Down Expand Up @@ -304,6 +305,8 @@ async def handler(
if not data.text:
raise BadRequestException("请填写修改建议")

check_invalid_input_str(data.text)

if patch_type == PatchType.Subject:
p = await pg.fetchval(
"select id from view_subject_patch where id = $1 AND state = $2",
11 changes: 11 additions & 0 deletions server/verify.py
@@ -0,0 +1,11 @@
import unicodedata

from server.base import BadRequestException


def check_invalid_input_str(*s: str):

Check failure on line 6 in server/verify.py

GitHub Actions / mypy

Function is missing a return type annotation
for ss in s:
for c in ss:
v = unicodedata.category(c)
if v == "Cf": # Format
raise BadRequestException("invalid character {!r}".format(c))
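Review bot: `check_invalid_input_str` rejects only category `Cf`, so control characters (`Cc`) still pass. That includes U+0000, which PostgreSQL refuses in text values, so it would surface as a server error rather than a 400 if these fields are stored through `pg`. If the intent is to keep invisible or bidirectional-override characters out of wiki text, extend the test to `if v == "Cf" or (v == "Cc" and c not in "\t\r\n"):`. `Cf` also covers U+200D and U+200C, which are legitimate inside emoji sequences and in some scripts. A docstring such as `"""Raise BadRequestException if any argument contains a Unicode format (Cf) character, e.g. zero-width or bidi controls."""` should record that this is a deliberate trade-off.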
