mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-25 02:55:46 +03:00
Enforce the max length for per-room display names / avatar URLs. (#10654)
To match the maximum lengths allowed for profile data.
This commit is contained in:
parent
3e83f97154
commit
0c1d6f65d7
2 changed files with 17 additions and 1 deletions
1
changelog.d/10654.bugfix
Normal file
1
changelog.d/10654.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Enforce the maximum length for per-room display names and avatar URLs.
|
|
@ -36,6 +36,7 @@ from synapse.api.ratelimiting import Ratelimiter
|
||||||
from synapse.event_auth import get_named_level, get_power_level_event
|
from synapse.event_auth import get_named_level, get_power_level_event
|
||||||
from synapse.events import EventBase
|
from synapse.events import EventBase
|
||||||
from synapse.events.snapshot import EventContext
|
from synapse.events.snapshot import EventContext
|
||||||
|
from synapse.handlers.profile import MAX_AVATAR_URL_LEN, MAX_DISPLAYNAME_LEN
|
||||||
from synapse.types import (
|
from synapse.types import (
|
||||||
JsonDict,
|
JsonDict,
|
||||||
Requester,
|
Requester,
|
||||||
|
@ -79,7 +80,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
||||||
self.account_data_handler = hs.get_account_data_handler()
|
self.account_data_handler = hs.get_account_data_handler()
|
||||||
self.event_auth_handler = hs.get_event_auth_handler()
|
self.event_auth_handler = hs.get_event_auth_handler()
|
||||||
|
|
||||||
self.member_linearizer = Linearizer(name="member")
|
self.member_linearizer: Linearizer = Linearizer(name="member")
|
||||||
|
|
||||||
self.clock = hs.get_clock()
|
self.clock = hs.get_clock()
|
||||||
self.spam_checker = hs.get_spam_checker()
|
self.spam_checker = hs.get_spam_checker()
|
||||||
|
@ -556,6 +557,20 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
||||||
content.pop("displayname", None)
|
content.pop("displayname", None)
|
||||||
content.pop("avatar_url", None)
|
content.pop("avatar_url", None)
|
||||||
|
|
||||||
|
if len(content.get("displayname") or "") > MAX_DISPLAYNAME_LEN:
|
||||||
|
raise SynapseError(
|
||||||
|
400,
|
||||||
|
f"Displayname is too long (max {MAX_DISPLAYNAME_LEN})",
|
||||||
|
errcode=Codes.BAD_JSON,
|
||||||
|
)
|
||||||
|
|
||||||
|
if len(content.get("avatar_url") or "") > MAX_AVATAR_URL_LEN:
|
||||||
|
raise SynapseError(
|
||||||
|
400,
|
||||||
|
f"Avatar URL is too long (max {MAX_AVATAR_URL_LEN})",
|
||||||
|
errcode=Codes.BAD_JSON,
|
||||||
|
)
|
||||||
|
|
||||||
effective_membership_state = action
|
effective_membership_state = action
|
||||||
if action in ["kick", "unban"]:
|
if action in ["kick", "unban"]:
|
||||||
effective_membership_state = "leave"
|
effective_membership_state = "leave"
|
||||||
|
|
Loading…
Reference in a new issue