From c5deb333db40e4e527f98edb93b41d1b66cfec5f Mon Sep 17 00:00:00 2001
From: Harrison Healey
Date: Tue, 31 May 2016 08:15:33 -0400
Subject: Added validation to make sure theme entries are colours (#3107)

* Added validation to make sure theme entries are colours
* Added serverside validation for theme
---
 model/user.go | 15 +++++++++++++++
 model/user_test.go | 13 +++++++++++++
 2 files changed, 28 insertions(+)

(limited to 'model')

diff --git a/model/user.go b/model/user.go
index 7dee67381..b7717c4ff 100644
--- a/model/user.go
+++ b/model/user.go
@@ -186,6 +186,21 @@ func (u *User) PreUpdate() {
 }
 u.NotifyProps["mention_keys"] = strings.Join(goodKeys, ",")
 }
+
+ if u.ThemeProps != nil {
+ colorPattern := regexp.MustCompile(`^#[0-9a-fA-F]{3}([0-9a-fA-F]{3})?$`)
+
+ // blank out any invalid theme values
+ for name, value := range u.ThemeProps {
+ if name == "image" || name == "type" || name == "codeTheme" {
+ continue
+ }
+
+ if !colorPattern.MatchString(value) {
+ u.ThemeProps[name] = "#ffffff"
+ }
+ }
+ }
 }
 
 func (u *User) SetDefaultNotifications() {
diff --git a/model/user_test.go b/model/user_test.go
index c6f7dfecc..d8ef77d6a 100644
--- a/model/user_test.go
+++ b/model/user_test.go
@@ -39,6 +39,19 @@ func TestUserPreSave(t *testing.T) {
 func TestUserPreUpdate(t *testing.T) {
 user := User{Password: "test"}
 user.PreUpdate()
+
+ user.ThemeProps = StringMap{
+ "codeTheme": "github",
+ "awayIndicator": "#cdbd4e",
+ "buttonColor": "invalid",
+ }
+ user.PreUpdate()
+
+ if user.ThemeProps["codeTheme"] != "github" || user.ThemeProps["awayIndicator"] != "#cdbd4e" {
+ t.Fatal("shouldn't have changed valid theme props")
+ } else if user.ThemeProps["buttonColor"] != "#ffffff" {
+ t.Fatal("should've changed invalid theme prop")
+ }
 }
 
 func TestUserUpdateMentionKeysFromUsername(t *testing.T) {
-- 
cgit v1.2.3-1-g7c22
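Review bot: The `continue` for `image`, `type` and `codeTheme` in the added loop leaves those three values completely unvalidated, so the server-side check does not cover every theme entry a client can submit. If any of them is later placed into markup, a stylesheet reference or a URL (not visible in this hunk), it needs its own check, ideally an allow-list of the values the client actually offers; at minimum the exemption deserves a comment such as `// not colours: image, type and codeTheme are stored as received and must be validated or escaped where they are used`. Separately, `regexp.MustCompile` runs on every PreUpdate call; a package-level `var themeColorPattern = regexp.MustCompile(...)` holding the same pattern would compile it once. PreUpdate begins above this hunk, so the earlier part of its body is not reviewed here.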
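Review bot: The new assertions in TestUserPreUpdate cover one plainly invalid value (`"invalid"`) but nothing that exercises the `^`/`$` anchors or the 3-or-6-digit alternation of the colour pattern, which is where a validation regex usually regresses. Adding entries with constructed names and values such as `"trailing": "#ffffff;x"`, `"fourDigits": "#ffff"` and `"empty": ""`, each asserted to come back as `#ffffff`, would pin that behaviour. A case for the exempt `image` and `type` keys would also document that they pass through unchanged, as the test already does for `codeTheme`.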