From 9903f8f27cb44ee545a771256a47964d332e3a44 Mon Sep 17 00:00:00 2001
From: jakezhu9
Date: Fri, 5 May 2023 09:29:15 +0800
Subject: [PATCH] fix: comment author url validation
---
 handler/content/api/journal.go | 8 +++++++-
 handler/content/api/post.go | 8 +++++++-
 handler/content/api/sheet.go | 8 +++++++-
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/handler/content/api/journal.go b/handler/content/api/journal.go
index ce5df863..97b559d5 100644
--- a/handler/content/api/journal.go
+++ b/handler/content/api/journal.go
@@ -204,7 +204,13 @@ func (j *JournalHandler) CreateComment(ctx *gin.Context) (interface{}, error) {
 p := param.Comment{}
 err := ctx.ShouldBindJSON(&p)
 if err != nil {
- return nil, err
+ return nil, xerr.WithStatus(err, xerr.StatusBadRequest).WithMsg("Parameter error")
+ }
+ if p.AuthorURL != "" {
+ err = util.Validate.Var(p.AuthorURL, "http_url")
+ if err != nil {
+ return nil, xerr.WithStatus(err, xerr.StatusBadRequest).WithMsg("Parameter error")
+ }
 }
 p.Author = template.HTMLEscapeString(p.Author)
 p.AuthorURL = template.HTMLEscapeString(p.AuthorURL)
diff --git a/handler/content/api/post.go b/handler/content/api/post.go
index e14abbc0..08d8ef42 100644
--- a/handler/content/api/post.go
+++ b/handler/content/api/post.go
@@ -163,7 +163,13 @@ func (p *PostHandler) CreateComment(ctx *gin.Context) (interface{}, error) {
 comment := param.Comment{}
 err := ctx.ShouldBindJSON(&comment)
 if err != nil {
- return nil, err
+ return nil, xerr.WithStatus(err, xerr.StatusBadRequest).WithMsg("Parameter error")
+ }
+ if comment.AuthorURL != "" {
+ err = util.Validate.Var(comment.AuthorURL, "http_url")
+ if err != nil {
+ return nil, xerr.WithStatus(err, xerr.StatusBadRequest).WithMsg("Parameter error")
+ }
 }
 comment.Author = template.HTMLEscapeString(comment.Author)
 comment.AuthorURL = template.HTMLEscapeString(comment.AuthorURL)
diff --git a/handler/content/api/sheet.go b/handler/content/api/sheet.go
index 8d4bc162..0cda7b1a 100644
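Review bot: The AuthorURL check added after `ShouldBindJSON` in `JournalHandler.CreateComment` is repeated verbatim in the post.go and sheet.go hunks, so the rule lives in three handlers and any other code path that binds `param.Comment` (none is visible in this patch) has to remember to copy it. Declaring the rule once would close that gap, for example a `binding:"omitempty,http_url"` tag on the `AuthorURL` field of `param.Comment`, assuming the validator gin binds with supports the same `http_url` tag as `util.Validate`, or a shared helper (say `validateCommentParam`) called by all three handlers. Whichever form is kept, a short comment such as `// only http/https author URLs are accepted; the value is stored and later shown with the comment` would record why the check is there; the rendering side is inferred, not shown here. CreateComment's body continues outside the hunk.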
--- a/handler/content/api/sheet.go
+++ b/handler/content/api/sheet.go
@@ -163,7 +163,13 @@ func (s *SheetHandler) CreateComment(ctx *gin.Context) (interface{}, error) {
 comment := param.Comment{}
 err := ctx.ShouldBindJSON(&comment)
 if err != nil {
- return nil, err
+ return nil, xerr.WithStatus(err, xerr.StatusBadRequest).WithMsg("Parameter error")
+ }
+ if comment.AuthorURL != "" {
+ err = util.Validate.Var(comment.AuthorURL, "http_url")
+ if err != nil {
+ return nil, xerr.WithStatus(err, xerr.StatusBadRequest).WithMsg("Parameter error")
+ }
 }
 comment.Author = template.HTMLEscapeString(comment.Author)
 comment.AuthorURL = template.HTMLEscapeString(comment.AuthorURL)
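Review bot: The `http_url` check added in `SheetHandler.CreateComment` (and likewise in the journal.go and post.go hunks) runs only when a comment is submitted, so `AuthorURL` values stored before this change are never re-validated. If the stored value is later placed in a link by the theme or API consumer, which this patch does not show, those older rows would still be emitted with whatever scheme was saved. It would be worth applying the same http/https restriction where the field is read back or rendered, or running a one-off cleanup of existing comment rows, and noting that in the commit description. CreateComment's body continues outside the hunk.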