From 7b08cf42d6938fe91c72cf36504133e48001b3a2 Mon Sep 17 00:00:00 2001 From: Jake Mannens Date: Mon, 25 May 2026 18:16:28 +1000 Subject: Added basic string sanitization to ApiMediaController --- Controllers/ApiMediaController.cs | 7 ++++--- Util.cs | 5 +++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Controllers/ApiMediaController.cs b/Controllers/ApiMediaController.cs index a1b07b1..58fd043 100644 --- a/Controllers/ApiMediaController.cs +++ b/Controllers/ApiMediaController.cs @@ -1,5 +1,6 @@ using HyperBooru.ApiModels; using HyperBooru.Services; +using HyperBooru.Util; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; @@ -54,8 +55,8 @@ public class ApiMediaController : Controller { if(media is null) return NotFound(); - media.ShortDescription = updatedMedia.ShortDescription; - media.LongDescription = updatedMedia.LongDescription; + media.ShortDescription = updatedMedia.ShortDescription.NullIfEmpty(); + media.LongDescription = updatedMedia.LongDescription.NullIfEmpty(); await db.SaveChangesAsync(); await transaction.CommitAsync(); @@ -87,7 +88,7 @@ public class ApiMediaController : Controller { metadata?.LastAccessTime, metadata?.LastWriteTime, metadata?.CreateTime, - metadata?.Path, + metadata?.Path.NullIfEmpty(), metadata?.PathType, metadata?.Tags); diff --git a/Util.cs b/Util.cs index 6af6c81..7de2b6e 100644 --- a/Util.cs +++ b/Util.cs @@ -5,6 +5,11 @@ public static class Extensions { "K", "M", "G", "T", "P", "E", "Z", "Y", "R", "Q" }; + public static string? NullIfEmpty(this string s) { + s = s.Trim(); + return string.IsNullOrEmpty(s) ? null : s; + } + public static DateTime? TryParseDateTimeUtc(this string s) { bool success = DateTime.TryParse(s, out var dateTime); return success ? DateTime.SpecifyKind(dateTime, DateTimeKind.Utc) : null; -- cgit v1.3