diff options
| author | Saptak S <saptak013@gmail.com> | 2024-03-15 12:31:15 +0530 |
|---|---|---|
| committer | Saptak S <saptak013@gmail.com> | 2024-03-15 12:31:15 +0530 |
| commit | 03f89bfaa7d9c88eced8e071105e347aa9077568 (patch) | |
| tree | c88c79d171f805d1a379cb1f11654b12f007805e | |
| parent | 00b3109590448aea14d3cae034506013ada2b0e4 (diff) | |
| parent | 35670533d8a17bfc8cd367c53638a349cc552932 (diff) | |
| download | onionshare-03f89bfaa7d9c88eced8e071105e347aa9077568.tar.gz onionshare-03f89bfaa7d9c88eced8e071105e347aa9077568.zip | |
Merge branch 'advisory-fix-1' of github.com:onionshare/onionshare-ghsa-pmjc-j5gp-7hcj into release-2.6.2
| -rw-r--r-- | cli/onionshare_cli/resources/templates/receive.html | 2 | ||||
| -rw-r--r-- | cli/onionshare_cli/web/receive_mode.py | 7 |
2 files changed, 6 insertions, 3 deletions
diff --git a/cli/onionshare_cli/resources/templates/receive.html b/cli/onionshare_cli/resources/templates/receive.html index 159bfac5..90f10798 100644 --- a/cli/onionshare_cli/resources/templates/receive.html +++ b/cli/onionshare_cli/resources/templates/receive.html @@ -53,7 +53,7 @@ <p><input type="file" id="file-select" name="file[]" multiple /></p> {% endif %} {% if not disable_text %} - <p><textarea id="text" name="text" placeholder="Write a message"></textarea></p> + <p><textarea id="text" name="text" placeholder="Write a message (max length 524288 characters)" maxlength="524288"></textarea></p> {% endif %} <p><button type="submit" id="send-button" class="button">Submit</button></p> </form> diff --git a/cli/onionshare_cli/web/receive_mode.py b/cli/onionshare_cli/web/receive_mode.py index 9ddf22ff..a25f82a1 100644 --- a/cli/onionshare_cli/web/receive_mode.py +++ b/cli/onionshare_cli/web/receive_mode.py @@ -194,7 +194,10 @@ class ReceiveModeWeb: if files_received > 0: msg = f"Uploaded {files_msg}" else: - msg = "Nothing submitted" + if not self.web.settings.get("receive", "disable_text"): + msg = "Nothing submitted or message was too long (> 524288 characters)" + else: + msg = "Nothing submitted" if ajax: info_flashes.append(msg) @@ -462,7 +465,7 @@ class ReceiveModeRequest(Request): self.includes_message = False if not self.web.settings.get("receive", "disable_text"): text_message = self.form.get("text") - if text_message: + if text_message and len(text_message) <= 524288: if text_message.strip() != "": self.includes_message = True |