added sanityCheck to editKey
fixed program.uid accepting user value on snippet creation
AlexHaxe committed Aug 15, 2024
1 parent 0bc2c54 commit 17a726a
Showing 2 changed files with 24 additions and 1 deletion.
7 changes: 7 additions & 0 deletions src/Api.hx
Expand Up @@ -30,6 +30,13 @@ class Api {
throw 'Unauthorized identifier : $s';
}

public static function checkLength(s:Null<String>, n:Int) {
if (s == null)
return;
if (s.length > n)
throw 'Unauthorized identifier : $s';
}

public static function checkDCE(s:String) {
if (s != "full" && s != "no" && s != "std")
throw 'Invalid dce : $s';
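Review bot: `checkLength` throws the same `'Unauthorized identifier : $s'` text as the check above it (whose body starts outside the hunk) and interpolates the whole over-long value. A caller or log reader therefore cannot tell a length failure from a character failure, and an arbitrarily large user-supplied string is copied into the exception text wherever that ends up. A distinct message that reports the limit instead of the value would be safer, e.g. `throw 'Identifier too long (max $n characters)';`. The function would also benefit from a doc comment stating that `null` is accepted and that only an upper bound is enforced, so an empty string passes.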
18 changes: 17 additions & 1 deletion src/api/Compiler.hx
Expand Up @@ -55,6 +55,16 @@ class Compiler {
}

public function prepareProgram(program:ProgramV2) {
if (program.uid != null) {
// don't accept UIDs that the user made up
Api.checkSanity(program.uid);
Api.checkLength(program.uid, 8);
programFolder = Path.join([Api.programsRootFolder, program.uid.substr(0, 2), program.uid]);
if (!FileSystem.isDirectory(programFolder)) {
program.uid = null;
}
}

while (program.uid == null) {
var id = haxe.crypto.Md5.encode(Std.string(Math.random()) + Std.string(Date.now().getTime()));
id = id.substr(0, 8);
Expand All @@ -69,12 +79,18 @@ class Compiler {
}

Api.checkSanity(program.uid);
Api.checkLength(program.uid, 8);
Api.checkSanity(program.mainClass);
Api.checkLength(program.mainClass, 75);
Api.checkDCE(program.dce);
var editKey:String = program.editKey;
var editKey:Null<String> = program.editKey;

if (editKey == null) {
editKey = haxe.crypto.Md5.encode(Std.string(Math.random()) + Std.string(Date.now().getTime()));
} else {
// make sure editKey isn't using any bad characters
Api.checkSanity(program.editKey);
Api.checkLength(program.editKey, 32);
}

programFolder = Path.join([Api.programsRootFolder, program.uid.substr(0, 2), program.uid]);
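Review bot: In the new `if (program.uid != null)` block at the top of `prepareProgram`, `Api.checkLength(program.uid, 8)` enforces only an upper bound, while the generator right below always produces exactly 8 characters. A shorter value therefore still reaches `substr(0, 2)` and `Path.join`; if `checkSanity` lets an empty string through (its body is not visible here), the joined path would likely be the programs root folder itself, which passes `FileSystem.isDirectory` and leaves the empty uid in place. Treating any uid that is not exactly 8 characters as made up closes this, e.g. `if (program.uid.length != 8) program.uid = null; else { /* existing folder check */ }`. The block's comment could also say that a uid with disallowed characters throws while a well-formed but unknown uid is silently replaced. `prepareProgram` continues outside both hunks, so any later check against the edit key is not visible from here.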
