[bugfix] Use []rune to check length of user-submitted text (#948)

internal/api/client/app/appcreate.go

@@ -92,26 +92,26 @@ func (m *Module) AppsPOSTHandler(c *gin.Context) {
 		return
 	}
 
-	if len(form.ClientName) > formFieldLen {
-		err := fmt.Errorf("client_name must be less than %d bytes", formFieldLen)
+	if len([]rune(form.ClientName)) > formFieldLen {
+		err := fmt.Errorf("client_name must be less than %d characters", formFieldLen)
 		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}
 
-	if len(form.RedirectURIs) > formRedirectLen {
-		err := fmt.Errorf("redirect_uris must be less than %d bytes", formRedirectLen)
+	if len([]rune(form.RedirectURIs)) > formRedirectLen {
+		err := fmt.Errorf("redirect_uris must be less than %d characters", formRedirectLen)
 		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}
 
-	if len(form.Scopes) > formFieldLen {
-		err := fmt.Errorf("scopes must be less than %d bytes", formFieldLen)
+	if len([]rune(form.Scopes)) > formFieldLen {
+		err := fmt.Errorf("scopes must be less than %d characters", formFieldLen)
 		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}
 
-	if len(form.Website) > formFieldLen {
-		err := fmt.Errorf("website must be less than %d bytes", formFieldLen)
+	if len([]rune(form.Website)) > formFieldLen {
+		err := fmt.Errorf("website must be less than %d characters", formFieldLen)
 		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

internal/api/client/media/mediacreate.go

@@ -163,8 +163,8 @@ func validateCreateMedia(form *model.AttachmentRequest) error {
 		return fmt.Errorf("file size limit exceeded: limit is %d bytes but attachment was %d bytes", maxSize, form.File.Size)
 	}
 
-	if len(form.Description) > maxDescriptionChars {
-		return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(form.Description))
+	if length := len([]rune(form.Description)); length > maxDescriptionChars {
+		return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
 	}
 
 	return nil

internal/api/client/media/mediaupdate.go

@@ -142,8 +142,8 @@ func validateUpdateMedia(form *model.AttachmentUpdateRequest) error {
 	maxDescriptionChars := config.GetMediaDescriptionMaxChars()
 
 	if form.Description != nil {
-		if len(*form.Description) < minDescriptionChars || len(*form.Description) > maxDescriptionChars {
-			return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, len(*form.Description))
+		if length := len([]rune(*form.Description)); length < minDescriptionChars || length > maxDescriptionChars {
+			return fmt.Errorf("image description length must be between %d and %d characters (inclusive), but provided image description was %d chars", minDescriptionChars, maxDescriptionChars, length)
 		}
 	}
 

internal/api/client/status/statuscreate.go

@@ -124,8 +124,8 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
 	maxCwChars := config.GetStatusesCWMaxChars()
 
 	if form.Status != "" {
-		if len(form.Status) > maxChars {
-			return fmt.Errorf("status too long, %d characters provided but limit is %d", len(form.Status), maxChars)
+		if length := len([]rune(form.Status)); length > maxChars {
+			return fmt.Errorf("status too long, %d characters provided but limit is %d", length, maxChars)
 		}
 	}
 
@@ -141,15 +141,15 @@ func validateCreateStatus(form *model.AdvancedStatusCreateForm) error {
 			return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
 		}
 		for _, p := range form.Poll.Options {
-			if len(p) > maxPollChars {
-				return fmt.Errorf("poll option too long, %d characters provided but limit is %d", len(p), maxPollChars)
+			if length := len([]rune(p)); length > maxPollChars {
+				return fmt.Errorf("poll option too long, %d characters provided but limit is %d", length, maxPollChars)
 			}
 		}
 	}
 
 	if form.SpoilerText != "" {
-		if len(form.SpoilerText) > maxCwChars {
-			return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", len(form.SpoilerText), maxCwChars)
+		if length := len([]rune(form.SpoilerText)); length > maxCwChars {
+			return fmt.Errorf("content-warning/spoilertext too long, %d characters provided but limit is %d", length, maxCwChars)
 		}
 	}
 

internal/validate/formvalidation.go

@@ -50,7 +50,7 @@ func NewPassword(password string) error {
 		return errors.New("no password provided")
 	}
 
-	if len(password) > maximumPasswordLength {
+	if len([]rune(password)) > maximumPasswordLength {
 		return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
 	}
 
@@ -113,12 +113,14 @@ func SignUpReason(reason string, reasonRequired bool) error {
 		return errors.New("no reason provided")
 	}
 
-	if len(reason) < minimumReasonLength {
-		return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, len(reason))
+	length := len([]rune(reason))
+
+	if length < minimumReasonLength {
+		return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, length)
 	}
 
-	if len(reason) > maximumReasonLength {
-		return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, len(reason))
+	if length > maximumReasonLength {
+		return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, length)
 	}
 	return nil
 }
@@ -164,7 +166,7 @@ func CustomCSS(customCSS string) error {
 		return errors.New("accounts-allow-custom-css is not enabled for this instance")
 	}
 
-	if length := len(customCSS); length > maximumCustomCSSLength {
+	if length := len([]rune(customCSS)); length > maximumCustomCSSLength {
 		return fmt.Errorf("custom_css must be less than %d characters, but submitted custom_css was %d characters", maximumCustomCSSLength, length)
 	}
 	return nil
@@ -182,35 +184,35 @@ func EmojiShortcode(shortcode string) error {
 
 // SiteTitle ensures that the given site title is within spec.
 func SiteTitle(siteTitle string) error {
-	if len(siteTitle) > maximumSiteTitleLength {
-		return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, len(siteTitle))
+	if length := len([]rune(siteTitle)); length > maximumSiteTitleLength {
+		return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, length)
 	}
 
 	return nil
 }
 
 // SiteShortDescription ensures that the given site short description is within spec.
 func SiteShortDescription(d string) error {
-	if len(d) > maximumShortDescriptionLength {
-		return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, len(d))
+	if length := len([]rune(d)); length > maximumShortDescriptionLength {
+		return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, length)
 	}
 
 	return nil
 }
 
 // SiteDescription ensures that the given site description is within spec.
 func SiteDescription(d string) error {
-	if len(d) > maximumDescriptionLength {
-		return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, len(d))
+	if length := len([]rune(d)); length > maximumDescriptionLength {
+		return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, length)
 	}
 
 	return nil
 }
 
 // SiteTerms ensures that the given site terms string is within spec.
 func SiteTerms(t string) error {
-	if len(t) > maximumSiteTermsLength {
-		return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, len(t))
+	if length := len([]rune(t)); length > maximumSiteTermsLength {
+		return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, length)
 	}
 
 	return nil

internal/validate/formvalidation_test.go

@@ -233,6 +233,7 @@ func (suite *ValidationTestSuite) TestValidateReason() {
 	badReason := "because"
 	goodReason := "to smash the state and destroy capitalism ultimately and completely"
 	tooLong := "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris auctor mollis viverra. Maecenas maximus mollis sem, nec fermentum velit consectetur non. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Quisque a enim nibh. Vestibulum bibendum leo ac porttitor auctor. Curabitur velit tellus, facilisis vitae lorem a, ullamcorper efficitur leo. Sed a auctor tortor. Sed ut finibus ante, sit amet laoreet sapien. Donec ullamcorper tellus a nibh sodales vulputate. Donec id dolor eu odio mollis bibendum. Pellentesque habitant morbi tristique senectus et netus at."
+	unicode := "⎾⎿⏀⏁⏂⏃⏄⏅⏆⏇"
 	var err error
 
 	// check with no reason required
@@ -256,6 +257,11 @@ func (suite *ValidationTestSuite) TestValidateReason() {
 		assert.Equal(suite.T(), nil, err)
 	}
 
+	err = validate.SignUpReason(unicode, false)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
 	// check with reason required
 	err = validate.SignUpReason(empty, true)
 	if assert.Error(suite.T(), err) {