security measure
no more gooner rcds, mr (h)edgehog Signed-off-by: Felix <felix@fae5.de>
This commit is contained in:
parent
ba244770b6
commit
9d6e7ed05e
55
index.php
55
index.php
|
|
@ -125,19 +125,40 @@ if ($current_user && isset($_POST['content'])) {
|
|||
$replying_to = null;
|
||||
}
|
||||
|
||||
// Rate limit check
|
||||
if (!checkRateLimit($current_user, $action, 5, 60)) {
|
||||
echo '<script>alert("An error occurred");</script>';
|
||||
die('Please wait before you do that action again.');
|
||||
}
|
||||
|
||||
// Function to validate user input
|
||||
function containsOnlyValidCharacters($string) {
|
||||
// Prüfen, ob der String nur reguläre und lesbare Zeichen enthält.
|
||||
// Dies schließt Buchstaben, Zahlen, Satzzeichen und typische Unicode-Zeichen ein.
|
||||
// Check if the string contains only regular readable characters
|
||||
return preg_match('/^[\p{L}\p{N}\p{P}\p{S}\p{Zs}\p{M}]*$/u', $string);
|
||||
}
|
||||
|
||||
// Validate user and replying_to ID
|
||||
function isValidUsername($username, $accounts) {
|
||||
return isset($accounts[$username]);
|
||||
}
|
||||
|
||||
function isValidPostID($post_id, $posts) {
|
||||
return isset($posts[$post_id]);
|
||||
}
|
||||
|
||||
$content = substr($_POST['content'], 0, 280);
|
||||
|
||||
// Validate username
|
||||
if (!isValidUsername($current_user, $accounts)) {
|
||||
die('Error: Invalid user.');
|
||||
}
|
||||
|
||||
// Validate the replying_to ID if it's a reply
|
||||
if ($is_reply && !isValidPostID($replying_to, $posts)) {
|
||||
die('Error: Invalid post ID for reply.');
|
||||
}
|
||||
|
||||
// Validate content
|
||||
if (containsOnlyValidCharacters($content)) {
|
||||
$new_post = [
|
||||
'id' => uniqid(),
|
||||
|
|
@ -151,26 +172,26 @@ if ($current_user && isset($_POST['content'])) {
|
|||
'replying_to' => $replying_to,
|
||||
'image_url' => isset($_POST['image_url']) && preg_match('/\.(jpg|jpeg|png|gif|bmp)$/i', $_POST['image_url']) ? $_POST['image_url'] : null
|
||||
];
|
||||
|
||||
// Add post to posts list
|
||||
$posts[$new_post['id']] = $new_post;
|
||||
|
||||
// If it's a reply, add the reply ID to the original post
|
||||
if ($is_reply) {
|
||||
$posts[$replying_to]['replies'][] = $new_post['id'];
|
||||
}
|
||||
|
||||
// Save posts to file
|
||||
file_put_contents($posts_file, json_encode($posts));
|
||||
|
||||
header('Location: /');
|
||||
exit;
|
||||
} else {
|
||||
// Fehlerbehandlung, wenn ungültige Zeichen gefunden wurden
|
||||
echo "Error: Your tnyL contains invalid characters. Please re-create your tnyL with valid characters!";
|
||||
// Handle error for invalid characters
|
||||
echo "Error: Your post contains invalid characters. Please re-create your post with valid characters!";
|
||||
}
|
||||
|
||||
|
||||
|
||||
// If it's a reply, add the reply ID to the original post
|
||||
if ($is_reply) {
|
||||
$posts[$replying_to]['replies'][] = $new_post['id'];
|
||||
}
|
||||
|
||||
file_put_contents($posts_file, json_encode($posts));
|
||||
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
// Handle post deletion
|
||||
if ($current_user && isset($_GET['delete'])) {
|
||||
if (!checkRateLimit($current_user, 'delete_post', 5, 60)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user