Show length error when Configs provided are too long (#1920)

* Show an error when a config is too long
2025-12-17 14:04:20 +01:00 · 2021-06-26 00:04:36 -04:00
parent dd05f57b6a
commit 08ff0f2ed6
6 changed files with 52 additions and 4 deletions
--- a/CTFd/api/v1/config.py
+++ b/CTFd/api/v1/config.py
@@ -89,6 +89,9 @@ class ConfigList(Resource):
        response = schema.load(req)

        if response.errors:
+            # Inject config key into error
+            config_key = response.data["key"]
+            response.errors["value"][0] = f"{config_key} config is too long"
            return {"success": False, "errors": response.errors}, 400

        db.session.add(response.data)
@@ -109,8 +112,15 @@ class ConfigList(Resource):
    )
    def patch(self):
        req = request.get_json()
+        schema = ConfigSchema()

        for key, value in req.items():
+            response = schema.load({"key": key, "value": value})
+            if response.errors:
+                # Inject config key into error
+                config_key = response.data["key"]
+                response.errors["value"][0] = f"{config_key} config is too long"
+                return {"success": False, "errors": response.errors}, 400
            set_config(key=key, value=value)

        clear_config()
--- a/CTFd/schemas/config.py
+++ b/CTFd/schemas/config.py
@@ -1,3 +1,6 @@
+from marshmallow import validate
+from marshmallow_sqlalchemy import field_for
+
 from CTFd.models import Configs, ma
 from CTFd.utils import string_types

@@ -9,6 +12,12 @@ class ConfigSchema(ma.ModelSchema):
        dump_only = ("id",)

    views = {"admin": ["id", "key", "value"]}
+    key = field_for(Configs, "key", required=True)
+    value = field_for(
+        Configs,
+        "value",
+        validate=[validate.Length(max=64000, error="Config is too long")],
+    )

    def __init__(self, view=None, *args, **kwargs):
        if view:
--- a/CTFd/themes/admin/assets/js/pages/configs.js
+++ b/CTFd/themes/admin/assets/js/pages/configs.js
@@ -119,8 +119,17 @@ function updateConfigs(event) {
    }
  });

-  CTFd.api.patch_config_list({}, params).then(_response => {
-    window.location.reload();
+  CTFd.api.patch_config_list({}, params).then(function(_response) {
+    if (_response.success) {
+      window.location.reload();
+    } else {
+      let errors = _response.errors.value.join("\n");
+      ezAlert({
+        title: "Error!",
+        body: errors,
+        button: "Okay"
+      });
+    }
  });
 }

--- a/CTFd/themes/admin/static/js/pages/configs.dev.js
+++ b/CTFd/themes/admin/static/js/pages/configs.dev.js
--- a/CTFd/themes/admin/static/js/pages/configs.min.js
+++ b/CTFd/themes/admin/static/js/pages/configs.min.js
--- a/tests/api/v1/test_config.py
+++ b/tests/api/v1/test_config.py
@@ -103,3 +103,23 @@ def test_api_config_delete_admin():
            assert r.status_code == 200
            assert get_config("ctf_name") is None
    destroy_ctfd(app)
+
+
+def test_long_values():
+    """Can a config value that is bigger than 64,000 be accepted"""
+    app = create_ctfd()
+    with app.app_context():
+        with login_as_user(app, "admin") as admin:
+            long_text = "a" * 65000
+            r = admin.post(
+                "/api/v1/configs", json={"key": "ctf_footer", "value": long_text}
+            )
+            data = r.get_json()
+            assert data["errors"]["value"][0] == "ctf_footer config is too long"
+
+            r = admin.patch("/api/v1/configs", json={"ctf_theme": long_text})
+            data = r.get_json()
+            assert data["errors"]["value"][0] == "ctf_theme config is too long"
+            assert r.status_code == 400
+
+    destroy_ctfd(app)