
Flag message length is not validated at all

Open Oaphi opened this issue 2 years ago • 0 comments

Describe the bug

Length of flag messages is not validated server-side (although the minimum length [1 char ATTOW] is validated client-side). As a result, flaggers can submit up to 65 536 characters.

To Reproduce

Steps to reproduce the behavior:

  1. Log in as any user.
  2. Flag any post with a custom reason. Include as many characters as you like. Observe the flag successfully being submitted or a raw DB error when over 65536 chars.

As per prior discussion, the upper limit should be configurable per-community with 1000 chars as the default. Let's also make the lower limit configurable (it's hardcoded right now) with the default set to 1 (for backwards compatibility).

Jan 07 '24 01:01 Oaphi
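A sketch of the server-side check the issue asks for, added here as an illustration and not taken from QPixel's code: per-community limits with the proposed defaults (1 and 1000), enforced regardless of what the client validated. The setting names, the `COMMUNITY_SETTINGS` hash, the 65,535-byte storage ceiling and the whitespace stripping are assumptions.

```ruby
# Added example (plain Ruby, no Rails); all names are hypothetical, not QPixel's.
DEFAULT_MIN  = 1       # default lower limit proposed in the issue
DEFAULT_MAX  = 1000    # default upper limit proposed in the issue
HARD_CEILING = 65_535  # assumption: byte capacity of the column storing the message

# Constructed per-community settings; a real app would read these from its settings store.
COMMUNITY_SETTINGS = {
  'main'   => {},                                            # uses the defaults
  'strict' => { min_flag_length: 20, max_flag_length: 500 },
  'broken' => { min_flag_length: 50, max_flag_length: 10 }   # misconfigured: min > max
}.freeze

# Resolve [min, max] for a community, clamping values that cannot be honoured.
def flag_length_limits(community)
  cfg = COMMUNITY_SETTINGS.fetch(community, {})
  max = cfg.fetch(:max_flag_length, DEFAULT_MAX).clamp(1, HARD_CEILING)
  min = cfg.fetch(:min_flag_length, DEFAULT_MIN).clamp(0, max)
  [min, max]
end

# Runs on the server regardless of any client-side check.
# Returns an array of error symbols; empty means the message may be saved.
def validate_flag_message(community, message)
  min, max = flag_length_limits(community)
  text = message.to_s.scrub.strip   # assumption: surrounding whitespace does not count
  errors = []
  errors << :too_short if text.length < min             # length counts characters
  errors << :too_long  if text.length > max
  errors << :too_large if text.bytesize > HARD_CEILING  # multi-byte text can exceed storage first
  errors
end
```

Returning errors instead of letting the insert fail keeps an over-long message from surfacing as a raw database error.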