From 142e67cad63d1986f8753d9f0c2d4a40d6a45a3d Mon Sep 17 00:00:00 2001 From: Archie Jaskowicz Date: Mon, 22 Jul 2024 15:22:05 +0100 Subject: [PATCH] feat: Added file size limit to avatars and banners (#1209) --- include/dpp/user.h | 2 ++ src/dpp/cluster/user.cpp | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/include/dpp/user.h b/include/dpp/user.h index 060273b6da..cc7acadadd 100644 --- a/include/dpp/user.h +++ b/include/dpp/user.h @@ -28,6 +28,8 @@ namespace dpp { +constexpr uint32_t MAX_AVATAR_SIZE = 10240 * 1000; // 10240KB. + /** * @brief Various bitmask flags used to represent information about a dpp::user */ diff --git a/src/dpp/cluster/user.cpp b/src/dpp/cluster/user.cpp index f50732ee57..671fdb64a9 100644 --- a/src/dpp/cluster/user.cpp +++ b/src/dpp/cluster/user.cpp @@ -38,10 +38,19 @@ void cluster::current_user_edit(const std::string &nickname, const std::string& }; if (!avatar_blob.empty()) { + if(avatar_blob.size() > MAX_AVATAR_SIZE) { // Avatar limit is 10240 kb. + throw dpp::length_exception(err_icon_size, "Avatar file exceeds discord limit of 10240 kilobytes"); + } j["avatar"] = "data:" + mimetypes.find(avatar_type)->second + ";base64," + base64_encode((unsigned char const*)avatar_blob.data(), static_cast(avatar_blob.length())); } if (!banner_blob.empty()) { + /* There doesn't seem to be a banner limit (probably due to the limit of 640x280) + * however, this is here as a precautionary. + */ + if(banner_blob.size() > MAX_AVATAR_SIZE) { + throw dpp::length_exception(err_icon_size, "Banner file exceeds discord limit of 10240 kilobytes"); + } j["banner"] = "data:" + mimetypes.find(banner_type)->second + ";base64," + base64_encode((unsigned char const*)banner_blob.data(), static_cast(banner_blob.length())); }