Merge branch 'main' of github.com:onionshare/onionshare-ghsa-9mxm-qp84-xgx6 into release-2.6.2
commit
f1cf52b166
1 changed files with 29 additions and 2 deletions
|
@ -17,6 +17,7 @@ GNU General Public License for more details.
|
|||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
import unicodedata
|
||||
|
||||
from flask import request, render_template, make_response, jsonify, session
|
||||
from flask_socketio import emit, ConnectionRefusedError
|
||||
|
@ -47,11 +48,37 @@ class ChatModeWeb:
|
|||
|
||||
self.define_routes()
|
||||
|
||||
def remove_unallowed_characters(self, text):
|
||||
"""
|
||||
Sanitize username to remove unwanted characters.
|
||||
Allowed characters right now are:
|
||||
- all ASCII numbers
|
||||
- all ASCII letters
|
||||
- dash, underscore and single space
|
||||
"""
|
||||
|
||||
def allowed_character(ch):
|
||||
allowed_unicode_categories = [
|
||||
'L', # All letters
|
||||
'N', # All numbers
|
||||
]
|
||||
allowed_special_characters = [
|
||||
'-', # dash
|
||||
'_', # underscore
|
||||
' ', # single space
|
||||
]
|
||||
return (
|
||||
unicodedata.category(ch)[0] in allowed_unicode_categories and ord(ch) < 128
|
||||
) or ch in allowed_special_characters
|
||||
|
||||
return "".join(
|
||||
ch for ch in text if allowed_character(ch)
|
||||
)
|
||||
|
||||
def validate_username(self, username):
|
||||
username = username.strip()
|
||||
username = self.remove_unallowed_characters(username.strip())
|
||||
return (
|
||||
username
|
||||
and username.isascii()
|
||||
and username not in self.connected_users
|
||||
and len(username) < 128
|
||||
)
|
||||
|
|
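Review bot: In `validate_username` the sanitized value is bound only to the local `username` and the method still returns a truthiness verdict, so a name containing disallowed characters passes whenever what remains after filtering is non-empty, unused and shorter than 128. The caller is outside this section; if it stores the string it passed in rather than sanitizing it again, the filtered-out characters still reach session state and the other chat clients. Rejecting instead of silently filtering would close that gap: `cleaned = self.remove_unallowed_characters(username.strip())` followed by `if cleaned != username.strip(): return False`, then run the existing checks on `cleaned`. The docstring in `remove_unallowed_characters` says "single space", but runs of spaces pass the filter, so either collapse them or word the docstring as "space" to avoid look-alike names. The page has lost its `+`/`-` markers, so which of the two `username = ...` lines is the surviving one is inferred here.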