Commit bbed55bf authored by Arnolds

Introduced static secret length limits in secret-api.php: defined `SOFT_SECRET_LENGTH_LIMIT` and `HARD_SECRET_LENGTH_LIMIT`, and updated error handling to use these constants.
parent 4540c726
+7 −2
<?php
/** STATIC CONFIG */
const SOFT_SECRET_LENGTH_LIMIT = 10000;   // UX / guideline
const HARD_SECRET_LENGTH_LIMIT = 20000;   // absolute backend limit
/** END STATIC CONFIG */

header('X-Robots-Tag: noindex, nofollow');

error_reporting(E_ALL);
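Review bot: The comments on SOFT_SECRET_LENGTH_LIMIT and HARD_SECRET_LENGTH_LIMIT in the STATIC CONFIG block do not say what unit the numbers are in, and the only check that uses them in this commit is a strlen() call, which counts bytes rather than characters. Suggest stating the unit in each comment (for example "absolute backend limit, in bytes") and noting that the soft limit must stay at or below the hard limit, since nothing in the visible lines enforces that relationship if someone later edits one value without the other.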
@@ -48,9 +53,9 @@ if ($method === 'POST' && isset($data['secret'])) {
        exit;
    }

    if (strlen($data['secret']) > 20000) {
    if (strlen($data['secret']) > HARD_SECRET_LENGTH_LIMIT) {
        http_response_code(413); // Content Too Large
        echo json_encode(['error' => '<p class="mb-0">Ai! Lēnāk ar zirgiem 🐎! Tavs noslēpums ir kā romāns trīs sējumos. Mēģini iekļauties 10000 simbolos, Hemingvej 📚✂️!</p>']);
        echo json_encode(['error' => '<p class="mb-0">Ai! Lēnāk ar zirgiem 🐎! Tavs noslēpums ir kā romāns trīs sējumos. Mēģini iekļauties ' . SOFT_SECRET_LENGTH_LIMIT . ' simbolos, Hemingvej 📚✂️!</p>']);
        exit;
    }
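Review bot: The 413 branch rejects only above HARD_SECRET_LENGTH_LIMIT (20000), but the message tells the user to stay within SOFT_SECRET_LENGTH_LIMIT (10000), so the limit reported to the client is not the one the backend enforces, and a secret between the two values is accepted without any hint. Either enforce the soft limit somewhere visible to the API caller or word the message around the hard limit. Separately, strlen($data['secret']) measures bytes while the message speaks of "simbolos"; for UTF-8 input such as Latvian text or emoji the byte count is larger than the character count, so consider mb_strlen($data['secret'], 'UTF-8') if the limit is meant in characters, and keep a byte cap as well if the goal is to bound storage or request size.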