aboutsummaryrefslogtreecommitdiff
path: root/ctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'ctl.c')
-rw-r--r--ctl.c37
1 files changed, 18 insertions, 19 deletions
diff --git a/ctl.c b/ctl.c
index e4b25a7..712b31a 100644
--- a/ctl.c
+++ b/ctl.c
@@ -37,12 +37,9 @@ newpost()
void
newuser()
{
- char *confirm, *hlite, *msg, *name, *full, *p, *pass, *v;
+ char *confirm, *hlite, msg[128], *name, *full, *p, *pass, *v;
char title[] = "New User";
- if(!(msg = malloc(128)))
- err(1, "malloc");
-
*msg = 0;
confirm = hlite = name = full = pass = NULL;
@@ -52,7 +49,15 @@ newuser()
return;
}
- while(p = nextparam(POST, MAXUSERPARAM)){
+ if(query.length > MAXUSERDATA){
+ snprintf(msg, 128, "Input exceeded server limitations");
+ printf("Status: 431 Request Header Fields Too Large\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/newuser.tc"
+ return;
+ }
+
+ while(p = nextparam(POST, NULL, MAXUSERDATA)){
if(!(v = split(p))) continue;
if(!confirm && strcmp(p, "confirm") == 0)
@@ -65,20 +70,6 @@ newuser()
pass = strdup(v);
else
continue;
-
- if(TRUNCATED(p)){
- hlite = strdup(p);
- snprintf(msg, 128,
- "Input length exceeds server limitations");
- goto err;
- }
- }
-
- /* Ensure all required fields are there. */
- if(!name || !*name || !pass || !*pass){
- hlite = (!name || !*name)? strdup("name"): strdup("pass");
- snprintf(msg, 128, "Required field missing");
- goto err;
}
/* Decode URL-encoded fields. */
@@ -103,6 +94,13 @@ newuser()
goto err;
}
+ /* Ensure all required fields are there. */
+ if(!name || !*name || !pass || !*pass){
+ hlite = (!name || !*name)? strdup("name"): strdup("pass");
+ snprintf(msg, 128, "Required field missing");
+ goto err;
+ }
+
if(pass && confirm && strcmp(pass, confirm) != 0){
snprintf(msg, 128, "Passwords do not match");
goto err;
@@ -112,6 +110,7 @@ newuser()
printf("You are valid\n");
return;
err:
+ printf("Status: 400 Bad Request\n");
printf("Content-Type: text/html\n\n");
#include "t/newuser.tc"
return;