authorJoram Wilander <jwawilander@gmail.com>2017-09-15 06:56:08 -0400
committerGeorge Goldberg <george@gberg.me>2017-09-15 11:56:08 +0100
commit600beb5af3e35fd82a2b06995b67629d08fe0fe3 (patch)
tree1bb4b6b99420aff52c1efec5631f3094a927c2a9
parentb6fb98a43176215f16fc52b64abebde51355e5c1 (diff)
downloadchat-600beb5af3e35fd82a2b06995b67629d08fe0fe3.tar.gz
chat-600beb5af3e35fd82a2b06995b67629d08fe0fe3.tar.bz2
chat-600beb5af3e35fd82a2b06995b67629d08fe0fe3.zip
Add some checking of channel ID before sending websocket event (#7431)
-rw-r--r--app/channel.go2
-rw-r--r--model/utils.go15
-rw-r--r--model/utils_test.go35
3 files changed, 51 insertions, 1 deletions
diff --git a/app/channel.go b/app/channel.go
index fa9ac08ef..e7025633f 100644
--- a/app/channel.go
+++ b/app/channel.go
@@ -1168,7 +1168,7 @@ func (a *App) ViewChannel(view *model.ChannelView, userId string, clearPushNotif
return result.Err
}
- if *utils.Cfg.ServiceSettings.EnableChannelViewedMessages && len(view.ChannelId) > 0 {
+ if *utils.Cfg.ServiceSettings.EnableChannelViewedMessages && model.IsValidId(view.ChannelId) {
message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_CHANNEL_VIEWED, "", "", userId, nil)
message.Add("channel_id", view.ChannelId)
go Publish(message)
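Review bot: The new `model.IsValidId(view.ChannelId)` check gates only the websocket publish. The `return result.Err` context line just above suggests a store call has already completed by this point, presumably with the same unvalidated `view.ChannelId`. If that is the case, a malformed ID is still accepted by ViewChannel and is only dropped from the broadcast, silently. Consider rejecting it with an error at the top of the function or in the API handler, and add a comment on the condition such as `// format check only: IsValidId does not prove the channel exists or that userId is a member`. ViewChannel starts and ends outside the hunk, so the earlier code path could not be confirmed.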
diff --git a/model/utils.go b/model/utils.go
index 090644ec6..8994a2422 100644
--- a/model/utils.go
+++ b/model/utils.go
@@ -18,6 +18,7 @@ import (
"strconv"
"strings"
"time"
+ "unicode"
goi18n "github.com/nicksnyder/go-i18n/i18n"
"github.com/pborman/uuid"
@@ -492,3 +493,17 @@ func IsValidNumberString(value string) bool {
return true
}
+
+func IsValidId(value string) bool {
+ if len(value) != 26 {
+ return false
+ }
+
+ for _, r := range value {
+ if !unicode.IsLetter(r) && !unicode.IsNumber(r) {
+ return false
+ }
+ }
+
+ return true
+}
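Review bot: `IsValidId` measures length in bytes (`len(value) != 26`) but classifies characters per rune with `unicode.IsLetter` / `unicode.IsNumber`, which accept every Unicode letter and digit, not only ASCII. A 26-byte string of thirteen two-byte letters therefore passes, as do non-Latin letters, fullwidth digits and upper-case letters that generated IDs presumably never contain. If IDs are meant to be ASCII alphanumerics, tighten the loop condition to `if r > unicode.MaxASCII || (!unicode.IsLetter(r) && !unicode.IsNumber(r)) {`, or match the exact alphabet `NewId` emits. The exported function also lacks a doc comment; something like `// IsValidId reports whether value has the 26-character alphanumeric form of a generated ID; it does not check that the ID exists.` would make the contract explicit for callers that use it as an input filter.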
diff --git a/model/utils_test.go b/model/utils_test.go
index bc2aa6ce7..fd333b40c 100644
--- a/model/utils_test.go
+++ b/model/utils_test.go
@@ -331,3 +331,38 @@ func TestIsValidAlphaNumHyphenUnderscore(t *testing.T) {
}
}
}
+
+func TestIsValidId(t *testing.T) {
+ cases := []struct {
+ Input string
+ Result bool
+ }{
+ {
+ Input: NewId(),
+ Result: true,
+ },
+ {
+ Input: "",
+ Result: false,
+ },
+ {
+ Input: "junk",
+ Result: false,
+ },
+ {
+ Input: "qwertyuiop1234567890asdfg{",
+ Result: false,
+ },
+ {
+ Input: NewId() + "}",
+ Result: false,
+ },
+ }
+
+ for _, tc := range cases {
+ actual := IsValidId(tc.Input)
+ if actual != tc.Result {
+ t.Fatalf("case: %v\tshould returned: %#v", tc, tc.Result)
+ }
+ }
+}
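Review bot: The failure path in the loop calls `t.Fatalf("case: %v\tshould returned: %#v", tc, tc.Result)`, which aborts on the first mismatch and prints only the expected value, so a failing run does not show what `IsValidId` returned or which other cases fail. Prefer `t.Errorf("IsValidId(%q) = %v, want %v", tc.Input, actual, tc.Result)`. The table also has no case that separates byte length from character class: every rejected input is either the wrong length or contains ASCII punctuation. Adding a 26-byte input made of multi-byte letters, and one 26-character upper-case input, would pin down the intended alphabet.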