Add a limit of message length > 512

diff --git a/plugin/md5.inc.php b/plugin/md5.inc.php
index fcf635e..c827e46 100644 (file)
--- a/plugin/md5.inc.php
+++ b/plugin/md5.inc.php
@@ -1,8 +1,10 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: md5.inc.php,v 1.5 2004/11/28 06:31:04 henoheno Exp $
+// $Id: md5.inc.php,v 1.6 2004/11/28 13:20:23 henoheno Exp $
 //  MD5 plugin
 
+define('PLUGIN_MD5_LIMIT_LENGTH', 512);
+
 function plugin_md5_action()
 {
        global $script, $get, $post;
@@ -10,12 +12,16 @@ function plugin_md5_action()
        // Wait POST
        $key = isset($post['key']) ? $post['key'] : '';
        if ($key != '') {
+               plugin_md5_checklimit($key);
                // Compute (Don't show its $key at the same time)
                return array('msg'=>'MD5', 'body'=>'Hash: ' . md5($key));
        } else {
                // If cmd=md5&md5=password, set only (Don't compute)
                $value = isset($get['md5']) ? $get['md5'] : '';
-               if ($value != '') $value  = 'value="' . htmlspecialchars($value) . '" ';
+               if ($value != '') {
+                       plugin_md5_checklimit($value);
+                       $value  = 'value="' . htmlspecialchars($value) . '" ';
+               }
                $form = <<<EOD
 <form action="$script" method="post">
  <div>
@@ -29,4 +35,10 @@ EOD;
                return array('msg'=>'MD5', 'body'=>$form);
        }
 }
+
+function plugin_md5_checklimit($text)
+{
+       if (strlen($text) > PLUGIN_MD5_LIMIT_LENGTH)
+               die_message('Limit: malicious message length');
+}
 ?>