Union/ProjectLighthouse
1
0
Fork 0
mirror of https://github.com/LBPUnion/ProjectLighthouse.git synced 2025-09-27 03:39:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix doubly sanitized strings (#727)

Browse source 
* Add migration to de-sanitize database strings

* Remove SanitizationHelper functions related to XML sanitization

* Remove sanitization usage from website

* Implement suggested changes
This commit is contained in:
Josh 2023-03-30 18:03:08 -05:00 committed by GitHub
commit 50d1d9c7e5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 26 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ProjectLighthouse.Servers.Website/Controllers/SlotPageController.cs
View file

@ -68,8 +68,6 @@ public class SlotPageController : ControllerBase
return this.Redirect("~/slot/" + id);
}
// Prevent potential xml injection and censor content
msg = SanitizationHelper.SanitizeString(msg);
msg = CensorHelper.FilterMessage(msg);
bool success = await this.database.PostComment(token.UserId, id, CommentType.Level, msg);

2
ProjectLighthouse.Servers.Website/Controllers/UserPageController.cs
View file

@ -44,8 +44,6 @@ public class UserPageController : ControllerBase
return this.Redirect("~/user/" + id);
}
// Prevent potential xml injection and censor content
msg = SanitizationHelper.SanitizeString(msg);
msg = CensorHelper.FilterMessage(msg);
bool success = await this.database.PostComment(token.UserId, id, CommentType.Profile, msg);

4
ProjectLighthouse.Servers.Website/Pages/SlotSettingsPage.cshtml.cs
View file

@ -29,15 +29,13 @@ public class SlotSettingsPage : BaseLayout
if (avatarHash != null) this.Slot.IconHash = avatarHash;
name = SanitizationHelper.SanitizeString(name);
name = CensorHelper.FilterMessage(name);
if (this.Slot.Name != name && name.Length <= 64) this.Slot.Name = name;
description = SanitizationHelper.SanitizeString(description);
description = CensorHelper.FilterMessage(description);
if (this.Slot.Description != description && description.Length <= 512) this.Slot.Description = description;
labels = LabelHelper.RemoveInvalidLabels(SanitizationHelper.SanitizeString(labels));
labels = LabelHelper.RemoveInvalidLabels(labels);
if (this.Slot.AuthorLabels != labels) this.Slot.AuthorLabels = labels;
// ReSharper disable once InvertIf

1
ProjectLighthouse.Servers.Website/Pages/UserSettingsPage.cshtml.cs
View file

@ -33,7 +33,6 @@ public class UserSettingsPage : BaseLayout
if (avatarHash != null) this.ProfileUser.IconHash = avatarHash;
biography = SanitizationHelper.SanitizeString(biography);
biography = CensorHelper.FilterMessage(biography);
if (this.ProfileUser.Biography != biography && biography.Length <= 512) this.ProfileUser.Biography = biography;