Cavemanon/cavecomm
Archived
9
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Blacklisted char validation within the Submission Alias creation

Browse Source
This commit is contained in:
Tina_Azure
2023-09-20 13:41:59 +02:00
parent 4beb44f7b4
commit 244c62a19d
6 changed files with 50 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/main.cpp
View File

@ -1142,7 +1142,10 @@ int main(int argc, char *argv[]) {
pqxx::connection databaseConnection(configuration.databaseConnectionString); pqxx::connection databaseConnection(configuration.databaseConnectionString);
Database::prepareStatement(databaseConnection, ID_SELECT_FREELANCER_FILE_SUBMISSION_PATH); Database::prepareStatement(databaseConnection, ID_SELECT_FREELANCER_FILE_SUBMISSION_PATH);
pqxx::result submissionFilePathResult = Database::executePreparedStatement_SELECT_FREELANCER_FILE_SUBMISSION_PATH(databaseConnection, fileName, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL)); string decodedFileName = fileName;
Utilities::decodeString(decodedFileName);
pqxx::result submissionFilePathResult = Database::executePreparedStatement_SELECT_FREELANCER_FILE_SUBMISSION_PATH(databaseConnection, decodedFileName, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL));
if (submissionFilePathResult.empty()) if (submissionFilePathResult.empty())
return crow::response(404, "File does not exist."); return crow::response(404, "File does not exist.");
@ -1240,7 +1243,7 @@ int main(int argc, char *argv[]) {
}); });
/* /*
* Page for freelancer to delete existing Link to a submission todo:implement proper encoding decoding to avoid routing errors # causes routing to cut off * Page for freelancer to delete existing Link to a submission
*/ */
CROW_ROUTE(app, "/freelancer/submissionManagement/view/viewLink/<int>/<string>/<string>/delete").methods(crow::HTTPMethod::GET) CROW_ROUTE(app, "/freelancer/submissionManagement/view/viewLink/<int>/<string>/<string>/delete").methods(crow::HTTPMethod::GET)
([&, configuration](const crow::request& getRequest, const int freelancerID, const string& aliasName, const string& fileName) { ([&, configuration](const crow::request& getRequest, const int freelancerID, const string& aliasName, const string& fileName) {
@ -1286,6 +1289,16 @@ int main(int argc, char *argv[]) {
pqxx::result freelancerIDResult = Database::executePreparedStatement_SELECT_FREELANCER_ID(databaseConnection, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL)); pqxx::result freelancerIDResult = Database::executePreparedStatement_SELECT_FREELANCER_ID(databaseConnection, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL));
freelancerID = freelancerIDResult.at(0).at(0).c_str(); freelancerID = freelancerIDResult.at(0).at(0).c_str();
string allowedFiletypes, forbiddenChars;
for (const string &character: configuration.submissionBlacklistedCharacters) {
if (!forbiddenChars.empty()) {
forbiddenChars.append(",");
}
forbiddenChars.append(character);
string encodedChar = character;
Utilities::encodeString(encodedChar);
}
ctx[MUSTACHE_FREELANCER_FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED] = forbiddenChars;
ctx["filename"] = fileName; ctx["filename"] = fileName;
ctx["domain"] = configuration.domain + "/commissionSubmission"; ctx["domain"] = configuration.domain + "/commissionSubmission";
ctx["freelancerid"] = freelancerID; ctx["freelancerid"] = freelancerID;
@ -1301,7 +1314,7 @@ int main(int argc, char *argv[]) {
}); });
/* /*
* Page for freelancer to generate link to a particular submission todo:look into inability to display " " and link to "#" * Page for freelancer to generate link to a particular submission
*/ */
CROW_ROUTE(app, "/freelancer/submissionManagement/view/generateLink/fulfilment/<string>").methods(crow::HTTPMethod::POST) CROW_ROUTE(app, "/freelancer/submissionManagement/view/generateLink/fulfilment/<string>").methods(crow::HTTPMethod::POST)
([&, configuration](const crow::request& postRequest, const string& fileName) { ([&, configuration](const crow::request& postRequest, const string& fileName) {
@ -1317,9 +1330,21 @@ int main(int argc, char *argv[]) {
if (splitItem.at(0) == "alias") if (splitItem.at(0) == "alias")
alias = splitItem.at(1); alias = splitItem.at(1);
} }
if (!alias.empty() && !fileName.empty()) {
cout << "filename: " << fileName << endl; bool aliasInvalid = false;
cout << "alias: " << alias << endl; if (alias.empty())
aliasInvalid = true;
else {
for (const string& blacklistedCharacter : configuration.submissionBlacklistedCharacters) {
if (alias.find(blacklistedCharacter) != string::npos) {
aliasInvalid = true;
ctx[MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_BLACKLISTED_CHARACTER] = true;
break;
}
}
}
if (!aliasInvalid && !fileName.empty()) {
pqxx::connection databaseConnection(configuration.databaseConnectionString); pqxx::connection databaseConnection(configuration.databaseConnectionString);
Database::prepareStatements(databaseConnection, { Database::prepareStatements(databaseConnection, {
ID_SELECT_FREELANCER_ID, ID_SELECT_FREELANCER_ID,
@ -1332,6 +1357,8 @@ int main(int argc, char *argv[]) {
aliasName.append("/"); aliasName.append("/");
aliasName.append(alias); aliasName.append(alias);
ctx["submissionLink"] = configuration.domain + "/commissionSubmission/" + aliasName; ctx["submissionLink"] = configuration.domain + "/commissionSubmission/" + aliasName;
string decodedFileName = fileName;
Utilities::decodeString(decodedFileName);
if(Database::executePreparedStatement_INSERT_FREELANCER_FILE_SUBMISSION_ALIAS(databaseConnection, stoi(freelancerID), fileName, aliasName) > 0) if(Database::executePreparedStatement_INSERT_FREELANCER_FILE_SUBMISSION_ALIAS(databaseConnection, stoi(freelancerID), fileName, aliasName) > 0)
ctx[MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID] = true; ctx[MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID] = true;
} }

1
src/templateConstCollection.cpp
View File

@ -76,6 +76,7 @@ namespace TemplateConstCollection {
const static std::string MUSTACHE_FREELANCER_ALIAS_CREATION_ERROR_UNNAMED = "ALIAS_CREATION_ERROR_UNNAMED"; const static std::string MUSTACHE_FREELANCER_ALIAS_CREATION_ERROR_UNNAMED = "ALIAS_CREATION_ERROR_UNNAMED";
const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR = "SUBMISSION_ALIAS_ERROR"; const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR = "SUBMISSION_ALIAS_ERROR";
const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID = "SUBMISSION_ALIAS_ERROR_INVALID"; const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_INVALID = "SUBMISSION_ALIAS_ERROR_INVALID";
const static std::string MUSTACHE_FREELANCER_SUBMISSION_ALIAS_ERROR_BLACKLISTED_CHARACTER = "SUBMISSION_ALIAS_ERROR_INVALID_BLACKLISTED_CHARACTER";
const static std::string MUSTACHE_POST_ERROR = "POST_ERROR"; const static std::string MUSTACHE_POST_ERROR = "POST_ERROR";
const static std::string MUSTACHE_GENERIC_SEPARATOR = "#SEP#"; const static std::string MUSTACHE_GENERIC_SEPARATOR = "#SEP#";

3
templates/freelancer_Submission_Management_View_Generate_Link.html
View File

@ -11,6 +11,9 @@
{{/COOKIE_LOGGED_IN}} {{/COOKIE_LOGGED_IN}}
{{#COOKIE_LOGGED_IN}} {{#COOKIE_LOGGED_IN}}
{{^POST_ERROR}} {{^POST_ERROR}}
<p>
Forbidden Characters in the Alias Name: {{FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED}}
</p>
<form action="/freelancer/submissionManagement/view/generateLink/fulfilment/{{filename}}" method="post"> <form action="/freelancer/submissionManagement/view/generateLink/fulfilment/{{filename}}" method="post">
<p>Link Preview: {{domain}}/{{freelancerid}}/</label><input type="text" id="alias" name="alias" value=""><br> <p>Link Preview: {{domain}}/{{freelancerid}}/</label><input type="text" id="alias" name="alias" value=""><br>
<button type="submit" class="button">Create Link</button> <button type="submit" class="button">Create Link</button>

5
templates/freelancer_Submission_Management_View_Generate_Link_Fulfilment.html
View File

@ -25,6 +25,11 @@
Request is invalid Request is invalid
</div> </div>
{{/REQUEST_NOT_FILLED}} {{/REQUEST_NOT_FILLED}}
{{#SUBMISSION_ALIAS_ERROR_INVALID_BLACKLISTED_CHARACTER}}
<div>
Alias Contains Invalid characcters
</div>
{{/SUBMISSION_ALIAS_ERROR_INVALID_BLACKLISTED_CHARACTER}}
{{/SUBMISSION_ALIAS_ERROR}} {{/SUBMISSION_ALIAS_ERROR}}
{{/COOKIE_LOGGED_IN}} {{/COOKIE_LOGGED_IN}}

3
templates/freelancer_Submission_Management_View_Generate_link.html
View File

@ -11,6 +11,9 @@
{{/COOKIE_LOGGED_IN}} {{/COOKIE_LOGGED_IN}}
{{#COOKIE_LOGGED_IN}} {{#COOKIE_LOGGED_IN}}
{{^POST_ERROR}} {{^POST_ERROR}}
<p>
Forbidden Characters in the Alias Name: {{FORBIDDEN_FILE_CHARACTER_LIST_COMMA_SEPARATED}}
</p>
<form action="/freelancer/submissionManagement/view/generateLink/fulfilment/{{filename}}" method="post"> <form action="/freelancer/submissionManagement/view/generateLink/fulfilment/{{filename}}" method="post">
<p>Link Preview: {{domain}}/{{freelancerid}}/</label><input type="text" id="alias" name="alias" value=""><br> <p>Link Preview: {{domain}}/{{freelancerid}}/</label><input type="text" id="alias" name="alias" value=""><br>
<button type="submit" class="button">Create Link</button> <button type="submit" class="button">Create Link</button>

5
templates/freelancer_Submission_Management_View_Generate_link_fulfilment.html
View File

@ -25,6 +25,11 @@
Request is invalid Request is invalid
</div> </div>
{{/REQUEST_NOT_FILLED}} {{/REQUEST_NOT_FILLED}}
{{#SUBMISSION_ALIAS_ERROR_INVALID_BLACKLISTED_CHARACTER}}
<div>
Alias Contains Invalid characcters
</div>
{{/SUBMISSION_ALIAS_ERROR_INVALID_BLACKLISTED_CHARACTER}}
{{/SUBMISSION_ALIAS_ERROR}} {{/SUBMISSION_ALIAS_ERROR}}
{{/COOKIE_LOGGED_IN}} {{/COOKIE_LOGGED_IN}}