From 2d5b141027f09a2115e95777ef1ba814dbde1b93 Mon Sep 17 00:00:00 2001
From: veganedge
Date: Sun, 9 Feb 2025 12:55:05 -0800
Subject: [PATCH 1/3] RM96 - adding validation to image url inputs
---
.../manage/PanelCreationForm.svelte | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/frontend/src/components/manage/PanelCreationForm.svelte b/frontend/src/components/manage/PanelCreationForm.svelte
index 81785a7..5b20d95 100644
--- a/frontend/src/components/manage/PanelCreationForm.svelte
+++ b/frontend/src/components/manage/PanelCreationForm.svelte
@@ -147,8 +147,8 @@
- - + +
@@ -269,6 +269,21 @@ }; } + // Function to validate image URL + function validateImageUrl(url) { + const validExtensions = ['.gif', '.jpg', '.jpeg', '.png', '.webp']; + return validExtensions.some(ext => url.endsWith(ext)); + } + + // Function to handle input validation + function handleImageUrlInput(event) { + const url = event.target.value; + if (url && !validateImageUrl(url)) { + alert('Invalid image URL. Please use a URL ending with .gif, .jpg, .jpeg, .png, or .webp'); + event.target.value = ''; + } + } + function updateColour() { data.colour = colourToInt(tempColour); } From a1ba1478a420dce1506cba056dffea741dbd1569 Mon Sep 17 00:00:00 2001 From: veganedge Date: Tue, 11 Feb 2025 05:35:47 -0800 Subject: [PATCH 2/3] adding filetype validation to the image URL inputs and the thumbnail URL input --- app/http/endpoints/api/panel/validation.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/http/endpoints/api/panel/validation.go b/app/http/endpoints/api/panel/validation.go index 57e87e3..d9df7e2 100644 --- a/app/http/endpoints/api/panel/validation.go +++ b/app/http/endpoints/api/panel/validation.go @@ -167,12 +167,12 @@ func validateEmoji(c PanelValidationContext) validation.ValidationFunc { } } -var urlRegex = regexp.MustCompile(`^https?://([-a-zA-Z0-9@:%._+~#=]{1,256})\.[a-zA-Z0-9()]{1,63}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)$`) +var urlRegex = regexp.MustCompile(`^https?://([-a-zA-Z0-9@:%._+~#=]{1,256})\.[a-zA-Z0-9()]{1,63}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*\.(?:gif|jpg|jpeg|png|webp))$`) func validateNullableUrl(url *string) validation.ValidationFunc { return func() error { if url != nil && (len(*url) > 255 || !urlRegex.MatchString(*url)) { - return validation.NewInvalidInputError("Invalid URL") + return validation.NewInvalidInputError("Invalid image URL. Must end with .gif, .jpg, .jpeg, .png, or .webp") } return nil 
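Review bot: The new suffix group in `urlRegex` does not pin the extension to the URL path, because the character class in front of it still admits `?`, `&` and `=`; a constructed value such as `https://example.com/page?x=.png` passes, while `https://example.com/a.PNG` and any image URL with a query string after the extension are rejected. An extension is only a naming hint and says nothing about what the host serves, so this should not be treated as a content check. `urlRegex` is a shared package variable and `validateNullableUrl` has a generic name, so any non-image URL field routed through it would presumably start failing too; a separate `imageUrlRegex`, or parsing the value and testing `strings.ToLower(path.Ext(u.Path))`, would keep the two concerns apart. The new message is also returned when only the `len(*url) > 255` test fails, here and in the `validateEmbed` hunk that follows. `validateNullableUrl` continues past the end of this hunk.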
@@ -361,13 +361,13 @@ func validateEmbed(e *types.CustomEmbed) error { if e == nil || e.Title != nil || e.Description != nil || len(e.Fields) > 0 || e.ImageUrl != nil || e.ThumbnailUrl != nil { if e.ImageUrl != nil && (len(*e.ImageUrl) > 255 || !urlRegex.MatchString(*e.ImageUrl)) { if *e.ImageUrl != "%avatar_url%" { - return validation.NewInvalidInputError("Invalid URL") + return validation.NewInvalidInputError("Invalid image URL. Must end with .gif, .jpg, .jpeg, .png, or .webp") } } if e.ThumbnailUrl != nil && (len(*e.ThumbnailUrl) > 255 || !urlRegex.MatchString(*e.ThumbnailUrl)) { if *e.ThumbnailUrl != "%avatar_url%" { - return validation.NewInvalidInputError("Invalid URL") + return validation.NewInvalidInputError("Invalid image URL. Must end with .gif, .jpg, .jpeg, .png, or .webp") } } From a9de96f30f0ab6ca8a131e72cbfc1ad6c190b62a Mon Sep 17 00:00:00 2001 From: veganedge Date: Tue, 11 Feb 2025 05:39:35 -0800 Subject: [PATCH 3/3] moving url input validation to proper file --- .../manage/PanelCreationForm.svelte | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/frontend/src/components/manage/PanelCreationForm.svelte b/frontend/src/components/manage/PanelCreationForm.svelte index 5b20d95..81785a7 100644 --- a/frontend/src/components/manage/PanelCreationForm.svelte +++ b/frontend/src/components/manage/PanelCreationForm.svelte @@ -147,8 +147,8 @@
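Review bot: The outer condition lets `e == nil` into the block, and the first inner test then reads `e.ImageUrl`, which would panic on a nil embed unless a guard above this hunk already returns; `validateEmbed` starts and ends outside the hunk, so that cannot be confirmed from here. Handling the nil case in its own branch before the field checks would remove the reliance on what precedes this line. The image and thumbnail checks are the same three lines written twice; a small helper taking the `*string` would keep the 255-byte limit, the regex match and the `%avatar_url%` exception in one place, so a later change to one cannot miss the other.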
- - + +
@@ -269,21 +269,6 @@ }; } - // Function to validate image URL - function validateImageUrl(url) { - const validExtensions = ['.gif', '.jpg', '.jpeg', '.png', '.webp']; - return validExtensions.some(ext => url.endsWith(ext)); - } - - // Function to handle input validation - function handleImageUrlInput(event) { - const url = event.target.value; - if (url && !validateImageUrl(url)) { - alert('Invalid image URL. Please use a URL ending with .gif, .jpg, .jpeg, .png, or .webp'); - event.target.value = ''; - } - } - function updateColour() { data.colour = colourToInt(tempColour); }