Commit c6fcae83 authored by Stephane Glondu's avatar Stephane Glondu

Set a limit on election names to prevent abuse

parent 45f61036
......@@ -435,3 +435,5 @@ let days_to_delete = 365
let days_to_mail = 30
let days_between_mails = 7
let days_to_publish_result = 7
let max_election_name_size = 80
......@@ -168,3 +168,5 @@ val days_to_delete : int
val days_to_mail : int
val days_between_mails : int
val days_to_publish_result : int
val max_election_name_size : int
......@@ -586,11 +586,19 @@ let () =
Any.register ~service:election_draft_description
(fun uuid (name, description) ->
with_draft_election uuid (fun se ->
se.se_questions <- {se.se_questions with
t_name = name;
t_description = description;
};
redir_preapply election_draft uuid ()
if PString.length name > max_election_name_size then (
let msg =
Printf.sprintf "The election name must be %d bytes or less!"
max_election_name_size
in
T.generic_page ~title:"Error" msg () >>= Html.send
) else (
se.se_questions <- {se.se_questions with
t_name = name;
t_description = description;
};
redir_preapply election_draft uuid ()
)
)
)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment