From a9c48a839437c090a8e1b05d417f748fdd211f11 Mon Sep 17 00:00:00 2001 From: Adhityaa Chandrasekar Date: Wed, 1 May 2019 18:48:25 -0400 Subject: [PATCH] domain_new.go: reject domains with / --- api/domain_new.go | 5 +++++ api/errors.go | 1 + 2 files changed, 6 insertions(+) diff --git a/api/domain_new.go b/api/domain_new.go index 7dbba13..1248b23 100644 --- a/api/domain_new.go +++ b/api/domain_new.go @@ -2,6 +2,7 @@ package main import ( "net/http" + "strings" "time" ) @@ -10,6 +11,10 @@ func domainNew(ownerHex string, name string, domain string) error { return errorMissingField } + if strings.Contains(domain, "/") { + return errorInvalidDomain + } + statement := ` INSERT INTO domains (ownerHex, name, domain, creationDate) diff --git a/api/errors.go b/api/errors.go index a53695a..d044fdb 100644 --- a/api/errors.go +++ b/api/errors.go @@ -45,3 +45,4 @@ var errorThreadLocked = errors.New("This thread is locked. You cannot add new co var errorDatabaseMigration = errors.New("Encountered error applying database migration.") var errorNoSuchUnsubscribeSecretHex = errors.New("Invalid unsubscribe link.") var errorEmptyPaths = errors.New("Empty paths field.") +var errorInvalidDomain = errors.New("Invalid domain name. Do not include the URL path after the forward slash.")