vybo/rtnyl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security measure

Browse Source 
no more gooner rcds, mr (h)edgehog

Signed-off-by: Felix <felix@fae5.de>
This commit is contained in:
Felix 2024-11-19 21:19:11 +00:00
parent ba244770b6
commit 9d6e7ed05e
1 changed files with 38 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
index.php
View File

@ -125,19 +125,40 @@ if ($current_user && isset($_POST['content'])) {
$replying_to = null; $replying_to = null;
} }
// Rate limit check
if (!checkRateLimit($current_user, $action, 5, 60)) { if (!checkRateLimit($current_user, $action, 5, 60)) {
echo '<script>alert("An error occurred");</script>'; echo '<script>alert("An error occurred");</script>';
die('Please wait before you do that action again.'); die('Please wait before you do that action again.');
} }
// Function to validate user input
function containsOnlyValidCharacters($string) { function containsOnlyValidCharacters($string) {
// Prüfen, ob der String nur reguläre und lesbare Zeichen enthält. // Check if the string contains only regular readable characters
// Dies schließt Buchstaben, Zahlen, Satzzeichen und typische Unicode-Zeichen ein.
return preg_match('/^[\p{L}\p{N}\p{P}\p{S}\p{Zs}\p{M}]*$/u', $string); return preg_match('/^[\p{L}\p{N}\p{P}\p{S}\p{Zs}\p{M}]*$/u', $string);
} }
// Validate user and replying_to ID
function isValidUsername($username, $accounts) {
return isset($accounts[$username]);
}
function isValidPostID($post_id, $posts) {
return isset($posts[$post_id]);
}
$content = substr($_POST['content'], 0, 280); $content = substr($_POST['content'], 0, 280);
// Validate username
if (!isValidUsername($current_user, $accounts)) {
die('Error: Invalid user.');
}
// Validate the replying_to ID if it's a reply
if ($is_reply && !isValidPostID($replying_to, $posts)) {
die('Error: Invalid post ID for reply.');
}
// Validate content
if (containsOnlyValidCharacters($content)) { if (containsOnlyValidCharacters($content)) {
$new_post = [ $new_post = [
'id' => uniqid(), 'id' => uniqid(),
@ -151,25 +172,25 @@ if ($current_user && isset($_POST['content'])) {
'replying_to' => $replying_to, 'replying_to' => $replying_to,
'image_url' => isset($_POST['image_url']) && preg_match('/\.(jpg|jpeg|png|gif|bmp)$/i', $_POST['image_url']) ? $_POST['image_url'] : null 'image_url' => isset($_POST['image_url']) && preg_match('/\.(jpg|jpeg|png|gif|bmp)$/i', $_POST['image_url']) ? $_POST['image_url'] : null
]; ];
// Add post to posts list
$posts[$new_post['id']] = $new_post; $posts[$new_post['id']] = $new_post;
} else {
// Fehlerbehandlung, wenn ungültige Zeichen gefunden wurden
echo "Error: Your tnyL contains invalid characters. Please re-create your tnyL with valid characters!";
}
// If it's a reply, add the reply ID to the original post // If it's a reply, add the reply ID to the original post
if ($is_reply) { if ($is_reply) {
$posts[$replying_to]['replies'][] = $new_post['id']; $posts[$replying_to]['replies'][] = $new_post['id'];
} }
// Save posts to file
file_put_contents($posts_file, json_encode($posts)); file_put_contents($posts_file, json_encode($posts));
header('Location: /'); header('Location: /');
exit; exit;
} else {
// Handle error for invalid characters
echo "Error: Your post contains invalid characters. Please re-create your post with valid characters!";
}
} }
// Handle post deletion // Handle post deletion
if ($current_user && isset($_GET['delete'])) { if ($current_user && isset($_GET['delete'])) {