Registration issues #612

Merged: 5 commits, Jul 12, 2024
bmartin5692
Contributor

Devcontainer:

  • Update devcontainer mysql-apt-config version that was preventing it from building properly

Registration:

  • Fix validation patterns that were throwing errors in the console
  • Avatar validation - validate as part of form_validation, to prevent an issue where a user is created in a bad state and is unable to play (or even be managed/deleted by an admin in the UI)

Avatar code consolidation:

  • Consolidate avatar code under the XSSImageCheck lib with other avatar functions

update mysql-apt-config version to latest (0.8.32), the previous (0.8.16) was no longer building properly
needed to double-escape
This allows basically anything, as our users wanted emojis, and various punctuation allowed for their mottos.

Have tested against a number of XSS and malicious inputs, without any ill effects so far.... ex `<script>alert('XSS')</script>`
consolidate the avatar saving code in XSSImageCheck
- Box, Team, User all had their own implementations, combined these into one `save_avatar`
- new `avatar_validation` function

Registration:
- check avatar validation as part of form_validation function. Previously if a user provided a bad image the user/team would be created but then it would fail at avatar creation/saving....leaving them in a bad state and unable to play
@eljeffeg eljeffeg merged commit 74f4c17 into moloch--:master Jul 12, 2024
2 checks passed
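
The ordering problem the registration fix addresses, as an added example that is not code from this pull request or from RootTheBox: the in-memory `db`, the `ready` flag, the size limit, the handle rule and the magic-byte check are all assumptions standing in for the project's real form and avatar checks.

```python
# Added illustration; every name here is hypothetical, not RootTheBox's API.
MAX_AVATAR_BYTES = 1024 * 1024  # assumed upload limit
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")


class ValidationError(Exception):
    pass


def avatar_errors(data):
    """Return problems with the uploaded bytes; an empty list means acceptable."""
    if data is None:
        return []  # avatar treated as optional in this sketch
    if len(data) > MAX_AVATAR_BYTES:
        return ["avatar too large"]
    if not data.startswith(IMAGE_MAGIC):
        return ["avatar is not a PNG, JPEG or GIF"]
    return []


def form_errors(handle, avatar):
    """Collect every form problem up front, avatar included."""
    errors = []
    if not 3 <= len(handle) <= 16:
        errors.append("handle must be 3-16 characters")
    errors.extend(avatar_errors(avatar))
    return errors


def register_before_fix(db, handle, avatar):
    """Old ordering: the account is written before the avatar is checked."""
    errors = form_errors(handle, None)  # avatar not part of form validation
    if errors:
        raise ValidationError(errors)
    db[handle] = {"avatar": None, "ready": False}
    errors = avatar_errors(avatar)
    if errors:
        raise ValidationError(errors)  # account row is left half-initialised
    db[handle].update(avatar=avatar, ready=True)


def register_after_fix(db, handle, avatar):
    """Fixed ordering: nothing is written unless every check has passed."""
    errors = form_errors(handle, avatar)
    if errors:
        raise ValidationError(errors)
    db[handle] = {"avatar": avatar, "ready": True}
```
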
@eljeffeg
Collaborator

Make sure to add yourself to templates/public/about.html next time if you'd like. 🥇

pluto00987 added a commit to pluto00987/RootTheBox that referenced this pull request Sep 13, 2024
Box avatar upload was broken by moloch--#612
Also adjust the moloch--#617 fix by moving the validation call after the
possible un-tuple
eljeffeg pushed a commit that referenced this pull request Sep 15, 2024
* Align example nginx_vhost.config with nginx.conf

The vhost config had bad copy/paste for scoreboard

* Fix teams starting score when banking is disabled

If not using banking/money, score should start at 0

* Add default identicon avatar for teams

There is already default identicon for users. Should do for teams too
for some default avatar variety

* Fix box edit avatar upload

Box avatar upload was broken by #612
Also adjust the #617 fix by moving the validation call after the
possible un-tuple