add validation for icons that are too large (#9667)

Pentarctagon 2024-12-23 23:12:52 -06:00 committed by GitHub
parent 0badadaffe
commit d9ef464b1e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 31 additions and 1 deletions


@ -213,6 +213,11 @@ bool addons_client::upload_addon(const std::string& id, std::string& response_me
return false;
}
if(addon_icon_too_large(cfg["icon"].str())) {
last_error_ = VGETTEXT("The file size for the icon for the add-on <i>$addon_title</i> is too large.", i18n_symbols);
return false;
}
if(!local_only) {
// Try to make an upload pack if it's avaible on the server
config hashlist, hash_request;


@ -233,8 +233,13 @@ std::string addon_info::display_icon() const
{
std::string ret = icon;
if(!image::exists(image::locator{ret}) && !ret.empty()) {
// make sure it's set to something when there are issues
// otherwise display errors will spam the log while the add-ons manager is open
if(ret.empty()) {
ret = "misc/blank-hex.png";
} if(!image::exists(image::locator{ret}) && !ret.empty()) {
ERR_AC << "add-on '" << id << "' has an icon which cannot be found: '" << ret << "'";
ret = "misc/blank-hex.png";
} else if(ret.find("units/") != std::string::npos && ret.find_first_of('~') == std::string::npos) {
// HACK: prevent magenta icons, because they look awful
LOG_AC << "add-on '" << id << "' uses a unit baseframe as icon without TC/RC specifications";
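Review bot: The added `} if(!image::exists(image::locator{ret}) && !ret.empty()) {` reads like a dropped `else`. After the empty case assigns `misc/blank-hex.png`, control still enters this second `if`, which looks the placeholder up again, and its `!ret.empty()` operand can no longer be false. If the three cases are meant to be exclusive, `} else if(!image::exists(image::locator{ret})) {` says so directly. Separately, the `ERR_AC` line writes the whole icon value into the log, which for an inline DataURI icon from a remote add-on list can be very long; logging `ret.size()` or a short prefix would keep the log usable. The body of `display_icon` continues past the end of this hunk.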


@ -71,6 +71,10 @@ bool addon_filename_legal(const std::string& name)
return filesystem::is_legal_user_file_name(name, false);
}
bool addon_icon_too_large(const std::string& icon) {
return icon.size() > max_icon_size;
}
namespace {
bool check_names_legal_internal(const config& dir, std::string current_prefix, std::vector<std::string>* badlist)
@ -501,6 +505,10 @@ std::string addon_check_status_desc(unsigned int code)
ADDON_CHECK_STATUS::AUTH_TYPE_MISMATCH,
N_("The add-ons forum_auth attribute does not match what was previously uploaded.")
},
{
ADDON_CHECK_STATUS::ICON_TOO_LARGE,
N_("The add-ons icons file size is too large.")
},
//
// Server errors
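Review bot: `addon_icon_too_large` compares `icon.size()`, the byte length of the icon attribute text, with the limit, so it never looks at an image file. The "file size" wording in the new `ICON_TOO_LARGE` description, and in the client upload message and the editor dialog message elsewhere in this commit, is therefore only accurate for an inline DataURI icon. For a DataURI, the encoded text is what gets measured rather than the decoded image. A comment above the definition would make that explicit, for example `// Compares the length of the icon attribute text (a path or an inline DataURI), not the size of an image file.` None of the three messages tells the user what the limit is, which would help them fix the add-on.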


@ -65,6 +65,7 @@ enum class ADDON_CHECK_STATUS : unsigned int
BAD_FEEDBACK_TOPIC_ID = 0x209, /**< The provided topic ID for the addon's feedback forum thread is invalid */
FEEDBACK_TOPIC_ID_NOT_FOUND = 0x2A0, /**< The provided topic ID for the addon's feedback forum thread wasn't found in the forum database */
AUTH_TYPE_MISMATCH = 0x2B0, /**< The addon's forum_auth value does not match its previously set value */
ICON_TOO_LARGE = 0x2C0, /**< The add-on's icon is too large (presumably a DataURI) */
//
// Server errors
//
@ -123,6 +124,9 @@ std::string get_addon_type_string(ADDON_TYPE type);
bool addon_name_legal(const std::string& name);
/** Checks whether an add-on file name is legal or not. */
bool addon_filename_legal(const std::string& name);
/** Checks whether an add-on icon is too large. */
bool addon_icon_too_large(const std::string& icon);
constexpr std::size_t max_icon_size = 500'000;
/**
* Scans an add-on archive for illegal names.
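Review bot: `max_icon_size` is added with no doc comment and no unit, and it sits between the declaration of `addon_icon_too_large` and the next function's doc block, so a reader cannot tell what `500'000` counts. I would document it and declare it before the function that depends on it, for example `/** Maximum length, in bytes, of an add-on's icon attribute text. */`. As a plain namespace-scope `constexpr` in a header it has internal linkage, so each translation unit gets its own copy; if the project builds as C++17 (not visible here), `inline constexpr std::size_t max_icon_size = 500'000;` gives a single definition.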


@ -16,6 +16,7 @@
#include "gui/dialogs/editor/edit_pbl.hpp"
#include "addon/validation.hpp"
#include "editor/editor_common.hpp"
#include "filesystem.hpp"
#include "gettext.hpp"
@ -387,6 +388,8 @@ void editor_edit_pbl::validate()
read(temp, ss.str(), validator.get());
if(!validator->get_errors().empty()) {
gui2::show_error_message(utils::join(validator->get_errors(), "\n"));
} else if(addon_icon_too_large(temp["icon"].str())) {
gui2::show_error_message(_("The icons file size is too large"));
} else {
gui2::show_message(_("Success"), _("No validation errors"), gui2::dialogs::message::button_style::auto_close);
}


@ -1416,6 +1416,11 @@ ADDON_CHECK_STATUS server::validate_addon(const server::request& req, config*& e
return ADDON_CHECK_STATUS::NO_TITLE;
}
if(addon_icon_too_large(upload["icon"].str())) {
LOG_CS << "Validation error: icon too large";
return ADDON_CHECK_STATUS::ICON_TOO_LARGE;
}
if(is_text_markup_char(upload["title"].str()[0])) {
LOG_CS << "Validation error: add-on title starts with an illegal formatting character.";
return ADDON_CHECK_STATUS::TITLE_HAS_MARKUP;
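Review bot: The new `LOG_CS << "Validation error: icon too large";` records neither the size that was received nor the limit. This server-side check is the only one of the three that a modified client cannot skip, so its log line is what an operator has when triaging rejected or abusive uploads. Including the measured length would make it actionable: `LOG_CS << "Validation error: icon too large (" << upload["icon"].str().size() << " bytes, limit " << max_icon_size << ")";`. The body of `validate_addon` starts and ends outside this hunk, so whether other large free-text attributes are bounded in the same way cannot be judged from here.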