do_update_message: Check max message and subject lengths.

(imported from commit 48e8b21c7ca122afc40fcd1482d26185f50cadab)
2013-06-24 10:29:30 -04:00 · 2013-06-24 10:29:30 -04:00 · edc4f51b00
parent bab2c2f93a
commit edc4f51b00
1 changed files with 4 additions and 0 deletions
--- a/zephyr/lib/actions.py
+++ b/zephyr/lib/actions.py
@ -965,6 +965,8 @@ def do_update_message(user_profile, message_id, subject, content):
                first_rendered_content = old_edit_history_event['prev_rendered_content']

    if content is not None:
+        if len(content) > MAX_MESSAGE_LENGTH:
+            raise JsonableError("Message too long")
        rendered_content = bugdown.convert(content, message.sender.realm.domain)
        if rendered_content is None:
            raise JsonableError("We were unable to render your updated message")
@ -985,6 +987,8 @@ def do_update_message(user_profile, message_id, subject, content):
        event["rendered_content"] = rendered_content

    if subject is not None:
+        if len(subject) > MAX_SUBJECT_LENGTH:
+            raise JsonableError("Subject too long")
        event["orig_subject"] = message.subject
        message.subject = subject
        event["subject"] = subject