fix(backend): check number of custom preferences in patch

This commit is contained in:
Sam 2023-04-19 17:21:02 +02:00 committed by Gitea
parent 9a80bb2e9b
commit cd8f165a17
1 changed files with 4 additions and 0 deletions

View File

@ -120,6 +120,10 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
// validate custom preferences // validate custom preferences
if req.CustomPreferences != nil { if req.CustomPreferences != nil {
if count := len(*req.CustomPreferences); count > db.MaxFields {
return server.APIError{Code: server.ErrBadRequest, Details: fmt.Sprintf("Too many custom preferences (max %d, current %d)", db.MaxFields, count)}
}
for k, v := range *req.CustomPreferences { for k, v := range *req.CustomPreferences {
_, err := uuid.Parse(k) _, err := uuid.Parse(k)
if err != nil { if err != nil {