From 51a2c85954e77068c6afbb4ca54159086220aefd Mon Sep 17 00:00:00 2001 From: Michael Muré Date: Sat, 17 Apr 2021 17:40:11 +0200 Subject: make sure every text input is safe and validated fix #630 --- termui/termui.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'termui/termui.go') diff --git a/termui/termui.go b/termui/termui.go index ec5387a4..3e7f43b9 100644 --- a/termui/termui.go +++ b/termui/termui.go @@ -11,6 +11,7 @@ import ( "github.com/MichaelMure/git-bug/entity" "github.com/MichaelMure/git-bug/input" "github.com/MichaelMure/git-bug/query" + "github.com/MichaelMure/git-bug/util/text" ) var errTerminateMainloop = errors.New("terminate gocui mainloop") @@ -199,7 +200,10 @@ func newBugWithEditor(repo *cache.RepoCache) error { return errTerminateMainloop } else { - b, _, err = repo.NewBug(title, message) + b, _, err = repo.NewBug( + text.CleanupOneLine(title), + text.Cleanup(message), + ) if err != nil { return err } @@ -235,7 +239,7 @@ func addCommentWithEditor(bug *cache.BugCache) error { if err == input.ErrEmptyMessage { ui.msgPopup.Activate(msgPopupErrorTitle, "Empty message, aborting.") } else { - _, err := bug.AddComment(message) + _, err := bug.AddComment(text.Cleanup(message)) if err != nil { return err } @@ -270,7 +274,7 @@ func editCommentWithEditor(bug *cache.BugCache, target entity.Id, preMessage str } else if message == preMessage { ui.msgPopup.Activate(msgPopupErrorTitle, "No changes found, aborting.") } else { - _, err := bug.EditComment(target, message) + _, err := bug.EditComment(target, text.Cleanup(message)) if err != nil { return err } @@ -307,7 +311,7 @@ func setTitleWithEditor(bug *cache.BugCache) error { } else if title == snap.Title { ui.msgPopup.Activate(msgPopupErrorTitle, "No change, aborting.") } else { - _, err := bug.SetTitle(title) + _, err := bug.SetTitle(text.CleanupOneLine(title)) if err != nil { return err } -- cgit