add validation for icons that are too large (#9667)

2024-12-23 23:12:52 -06:00 · 2024-12-23 23:12:52 -06:00 · d9ef464b1e
commit d9ef464b1e
parent 0badadaffe
6 changed files with 31 additions and 1 deletions
--- a/src/addon/client.cpp
+++ b/src/addon/client.cpp
@ -213,6 +213,11 @@ bool addons_client::upload_addon(const std::string& id, std::string& response_me
 		return false;
 	}

+	if(addon_icon_too_large(cfg["icon"].str())) {
+		last_error_ = VGETTEXT("The file size for the icon for the add-on <i>$addon_title</i> is too large.", i18n_symbols);
+		return false;
+	}
+
 	if(!local_only) {
 		// Try to make an upload pack if it's avaible on the server
 		config hashlist, hash_request;
--- a/src/addon/info.cpp
+++ b/src/addon/info.cpp
@ -233,8 +233,13 @@ std::string addon_info::display_icon() const
 {
 	std::string ret = icon;

-	if(!image::exists(image::locator{ret}) && !ret.empty()) {
+	// make sure it's set to something when there are issues
+	// otherwise display errors will spam the log while the add-ons manager is open
+	if(ret.empty()) {
+		ret = "misc/blank-hex.png";
+	} if(!image::exists(image::locator{ret}) && !ret.empty()) {
 		ERR_AC << "add-on '" << id << "' has an icon which cannot be found: '" << ret << "'";
+		ret = "misc/blank-hex.png";
 	} else if(ret.find("units/") != std::string::npos && ret.find_first_of('~') == std::string::npos) {
 		// HACK: prevent magenta icons, because they look awful
 		LOG_AC << "add-on '" << id << "' uses a unit baseframe as icon without TC/RC specifications";
--- a/src/addon/validation.cpp
+++ b/src/addon/validation.cpp
@ -71,6 +71,10 @@ bool addon_filename_legal(const std::string& name)
 	return filesystem::is_legal_user_file_name(name, false);
 }

+bool addon_icon_too_large(const std::string& icon) {
+	return icon.size() > max_icon_size;
+}
+
 namespace {

 bool check_names_legal_internal(const config& dir, std::string current_prefix, std::vector<std::string>* badlist)
@ -501,6 +505,10 @@ std::string addon_check_status_desc(unsigned int code)
 			ADDON_CHECK_STATUS::AUTH_TYPE_MISMATCH,
 			N_("The add-on’s forum_auth attribute does not match what was previously uploaded.")
 		},
+		{
+			ADDON_CHECK_STATUS::ICON_TOO_LARGE,
+			N_("The add-on’s icon’s file size is too large.")
+		},

 		//
 		// Server errors
--- a/src/addon/validation.hpp
+++ b/src/addon/validation.hpp
@ -65,6 +65,7 @@ enum class ADDON_CHECK_STATUS : unsigned int
 	BAD_FEEDBACK_TOPIC_ID       = 0x209,        /**< The provided topic ID for the addon's feedback forum thread is invalid */
 	FEEDBACK_TOPIC_ID_NOT_FOUND = 0x2A0,        /**< The provided topic ID for the addon's feedback forum thread wasn't found in the forum database */
 	AUTH_TYPE_MISMATCH 			= 0x2B0, 		/**< The addon's forum_auth value does not match its previously set value */
+	ICON_TOO_LARGE	 			= 0x2C0, 		/**< The add-on's icon is too large (presumably a DataURI) */
 	//
 	// Server errors
 	//
@ -123,6 +124,9 @@ std::string get_addon_type_string(ADDON_TYPE type);
 bool addon_name_legal(const std::string& name);
 /** Checks whether an add-on file name is legal or not. */
 bool addon_filename_legal(const std::string& name);
+/** Checks whether an add-on icon is too large. */
+bool addon_icon_too_large(const std::string& icon);
+constexpr std::size_t max_icon_size = 500'000;

 /**
 * Scans an add-on archive for illegal names.
--- a/src/gui/dialogs/editor/edit_pbl.cpp
+++ b/src/gui/dialogs/editor/edit_pbl.cpp
@ -16,6 +16,7 @@

 #include "gui/dialogs/editor/edit_pbl.hpp"

+#include "addon/validation.hpp"
 #include "editor/editor_common.hpp"
 #include "filesystem.hpp"
 #include "gettext.hpp"
@ -387,6 +388,8 @@ void editor_edit_pbl::validate()
 	read(temp, ss.str(), validator.get());
 	if(!validator->get_errors().empty()) {
 		gui2::show_error_message(utils::join(validator->get_errors(), "\n"));
+	} else if(addon_icon_too_large(temp["icon"].str())) {
+		gui2::show_error_message(_("The icon’s file size is too large"));
 	} else {
 		gui2::show_message(_("Success"), _("No validation errors"), gui2::dialogs::message::button_style::auto_close);
 	}
--- a/src/server/campaignd/server.cpp
+++ b/src/server/campaignd/server.cpp
@ -1416,6 +1416,11 @@ ADDON_CHECK_STATUS server::validate_addon(const server::request& req, config*& e
 		return ADDON_CHECK_STATUS::NO_TITLE;
 	}

+	if(addon_icon_too_large(upload["icon"].str())) {
+		LOG_CS << "Validation error: icon too large";
+		return ADDON_CHECK_STATUS::ICON_TOO_LARGE;
+	}
+
 	if(is_text_markup_char(upload["title"].str()[0])) {
 		LOG_CS << "Validation error: add-on title starts with an illegal formatting character.";
 		return ADDON_CHECK_STATUS::TITLE_HAS_MARKUP;