From 4cab3d1afe4400016703ce0a8721f42823ac4e40 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 9 Nov 2018 14:54:53 +0300
Subject: CommandsManager: 4096 character limit

---
 src/main/java/com/juick/server/CommandsManager.java | 10 ++++++++--
 src/main/java/com/juick/server/api/Post.java        |  9 +--------
 2 files changed, 9 insertions(+), 10 deletions(-)

(limited to 'src/main/java')

diff --git a/src/main/java/com/juick/server/CommandsManager.java b/src/main/java/com/juick/server/CommandsManager.java
index 82143482..e564f18e 100644
--- a/src/main/java/com/juick/server/CommandsManager.java
+++ b/src/main/java/com/juick/server/CommandsManager.java
@@ -21,13 +21,13 @@ import com.juick.Message;
 import com.juick.Tag;
 import com.juick.User;
 import com.juick.formatters.PlainTextFormatter;
-import com.juick.service.activities.DeleteMessageEvent;
-import com.juick.service.component.*;
 import com.juick.model.CommandResult;
 import com.juick.model.TagStats;
 import com.juick.server.helpers.annotation.UserCommand;
 import com.juick.server.util.HttpUtils;
 import com.juick.service.*;
+import com.juick.service.activities.DeleteMessageEvent;
+import com.juick.service.component.*;
 import com.juick.util.MessageUtils;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -110,6 +110,9 @@ public class CommandsManager {
         }
         // new message
         String body = tags.getLeft().trim();
+        if (body.length() > 4096) {
+            return CommandResult.fromString("Sorry, 4096 characters maximum.");
+        }
         boolean haveAttachment = StringUtils.isNotEmpty(attachment.toString());
         String attachmentFName = null;
         String attachmentType = null;
@@ -507,6 +510,9 @@ public class CommandsManager {
                 return CommandResult.fromString("Tags are NOT updated (5 tags maximum?)");
             }
         } else {
+            if (txt.length() > 4096) {
+                return CommandResult.fromString("Sorry, 4096 characters maximum.");
+            }
             boolean haveAttachment = StringUtils.isNotEmpty(attachment.toString());
             String attachmentFName = null;
             String attachmentType = null;
diff --git a/src/main/java/com/juick/server/api/Post.java b/src/main/java/com/juick/server/api/Post.java
index 303ff109..2c7346b3 100644
--- a/src/main/java/com/juick/server/api/Post.java
+++ b/src/main/java/com/juick/server/api/Post.java
@@ -70,11 +70,8 @@ public class Post {
             @RequestParam(required = false) MultipartFile attach) throws Exception {
         User visitor = UserUtils.getCurrentUser();
 
-        if (visitor.isAnonymous())
+        if (visitor.isAnonymous()) {
             throw new HttpForbiddenException();
-
-        if (body.length() > 4096) {
-            throw new HttpBadRequestException();
         }
         body = body.replace("\r", StringUtils.EMPTY);
 
@@ -129,10 +126,6 @@ public class Post {
                 throw new HttpNotFoundException();
             }
         }
-
-        if (body.length() > 4096) {
-            throw new HttpBadRequestException();
-        }
         body = body.replace("\r", StringUtils.EMPTY);
 
         if ((msg.ReadOnly && msg.getUser().getUid() != vuid) || userService.isInBLAny(msg.getUser().getUid(), vuid)
-- 
cgit v1.2.3