Throw 400s for invalid input
parent
cc622dbdf1
commit
a6b170eca3
|
@ -64,7 +64,7 @@ get '/' => sub ($c) { $c->redirect_to(page => {page => 'view'}) };
|
|||
any [qw{GET POST}], '/sign' => sub ($c) {
|
||||
my $v = $c->validation() if $c->req->method eq 'POST';
|
||||
|
||||
if ($c->req->method eq 'POST' && $v->has_data) {
|
||||
if ($v && $v->has_data) {
|
||||
my $name = $c->param('name') || 'Anonymous';
|
||||
my $url = $c->param('url');
|
||||
my $message = $c->param('message');
|
||||
|
@ -78,7 +78,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
|
|||
$v->optional('url', 'not_empty')->size(1, 255)
|
||||
->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);
|
||||
|
||||
unless ($v->has_error) {
|
||||
if ($v->has_error) {
|
||||
$c->stash(status => 400)
|
||||
}
|
||||
else {
|
||||
$c->message->create_post($name, $message, $url, $spam);
|
||||
|
||||
$c->flash(error => 'This message was flagged as spam') if $spam;
|
||||
|
@ -86,6 +89,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
|
|||
return $c->redirect_to(page => {page => 'view'});
|
||||
}
|
||||
}
|
||||
# Throw a 400 for POST with null body too
|
||||
elsif ($v) {
|
||||
$c->stash(status => 400)
|
||||
}
|
||||
|
||||
# Try to randomize things for the CAPTCHA challenge. The
|
||||
# string 'false' actually evaluates to true so this is an
|
||||
|
|
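Review bot: `my $v = $c->validation() if $c->req->method eq 'POST';` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour (what `$v` holds on the non-POST path is unspecified and, under a persistent server, may depend on a previous execution of this closure), and perlcritic flags the construct as well. Write it unconditionally so `$v` is always a fresh lexical, `my $v = $c->req->method eq 'POST' ? $c->validation : undef;`, which keeps the later `if ($v && $v->has_data)` and `elsif ($v)` branches meaning the same thing. Separately, `$name`, `$url` and `$message` are read with `$c->param` before the rules run, so `create_post` receives the raw values; once `has_error` is false, `$v->param('url')` would pass the validated value instead (the rules for `name` and `message` sit in lines not shown here, so that part is inferred). The `/sign` handler continues past the end of this hunk.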
11
t/sign.t
11
t/sign.t
|
@ -26,18 +26,23 @@ my %valid_form = (
|
|||
message => 'Ayy... lmao',
|
||||
answer => 'false'
|
||||
);
|
||||
# Null POST body
|
||||
my %null_form;
|
||||
|
||||
$t->ua->max_redirects(1);
|
||||
|
||||
# Valid requests
|
||||
$t->get_ok('/sign')->status_is(200)->text_is(h2 => 'Sign the Guestbook');
|
||||
$t->post_ok('/sign', form => \%valid_form)->status_is(200);
|
||||
$t->post_ok('/sign', form => \%valid_form)->status_is(200)
|
||||
->text_is(h2 => 'Messages from the World Wide Web');
|
||||
|
||||
# Invalid input
|
||||
$t->post_ok('/sign', form => \%invalid_form)->status_is(200)
|
||||
$t->post_ok('/sign', form => \%invalid_form)->status_is(400)
|
||||
->content_like(qr/cannot be blank/);
|
||||
$t->post_ok('/sign', form => \%invalid_form)->status_is(200)
|
||||
$t->post_ok('/sign', form => \%invalid_form)->status_is(400)
|
||||
->content_like(qr/URL does not appear to be/);
|
||||
$t->post_ok('/sign', form => \%null_form)->status_is(400)
|
||||
->text_is(h2 => 'Sign the Guestbook');
|
||||
|
||||
# Spam test
|
||||
$t->post_ok('/sign', form => \%spam_form)->status_is(403)
|
||||
|
|
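Review bot: The new negative cases, `post_ok('/sign', form => \%invalid_form)->status_is(400)` and the `%null_form` case, check only the response and never that the rejected submission stayed out of the guestbook, so a handler that sets the 400 status but still reaches `create_post` would pass them. Consider following the invalid and null posts with a GET of the view page asserting the rejected message text is absent (the view route and its markup are outside this hunk, so the exact assertion depends on the template). The `%null_form` case is sent as an empty form hash, and whether that yields a POST with no body or a `Content-Length: 0` form body is decided by Mojo::UserAgent, which is worth stating in the comment, e.g. `# Empty form hash => POST with no fields; the handler must answer 400, not 200`.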