godotengine / godot-asset-library

PHP frontend for Godot Engine's asset library
https://godotengine.org/asset-library
MIT License
294 stars 98 forks

Better input validation #142

Open merumelu opened 6 years ago

merumelu commented 6 years ago

At the moment there is no general validation for user input other than errorResponseIfMissingOrNotString; you can, for example, enter "11111111111111111111111" as asset version and will get a database error.

Also in most cases the current system ignores any subsequent errors and only reports the first one which isn't optimal either.

akien-mga commented 6 years ago

Better input validation should also be used to prevent such spam edits:

The warnings displayed show that we already have logic to catch defects, but it should be made blocking and not only a post-submission warning. Some strict rules would be useful to avoid spam (no URL in title, GitHub repository URL should be a valid repository URL, etc.)

akien-mga commented 6 years ago

Just had to remove 20 spams from 10 spam accounts made over the last 10 days... Still manageable manually but a waste of time, and better input validation would have prevented all of them since none had a valid repository URL.
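The checks requested in this thread (bounded version number, no URL in the title, a well-formed GitHub repository URL, all errors reported together and blocking) can be sketched as follows. This is an added example, not code from godot-asset-library; the function name `validateAssetEdit`, the field names `title`, `version` and `browse_url`, and the 32-bit integer column are assumptions.

```php
<?php
// Added illustration, not the project's code. validateAssetEdit() and the
// field names title / version / browse_url are hypothetical.
function validateAssetEdit(array $input): array
{
    $errors = [];
    $fields = [];
    // Check every required field and keep going, so the caller sees all errors at once.
    foreach (['title', 'version', 'browse_url'] as $name) {
        $value = $input[$name] ?? null;
        if (!is_string($value) || trim($value) === '') {
            $errors[$name][] = 'is required and must be a non-empty string';
            continue;
        }
        $fields[$name] = trim($value);
    }
    // At most 9 digits always fits a signed 32-bit integer column (assumed type),
    // so oversized values are rejected here instead of surfacing as a database error.
    if (isset($fields['version']) && !preg_match('/\A[0-9]{1,9}\z/', $fields['version'])) {
        $errors['version'][] = 'must be a whole number of at most 9 digits';
    }
    // Titles carrying links were a spam marker in the thread.
    if (isset($fields['title']) && preg_match('~https?://|www\.~i', $fields['title'])) {
        $errors['title'][] = 'must not contain a URL';
    }
    // Shape check only: https, github.com, owner (max 39 chars), repository (max 100).
    // It does not confirm that the repository exists.
    $repo = '~\Ahttps://github\.com/[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9._-]{1,100}/?\z~';
    if (isset($fields['browse_url']) && !preg_match($repo, $fields['browse_url'])) {
        $errors['browse_url'][] = 'must look like https://github.com/<owner>/<repository>';
    }
    return $errors;
}

// Constructed sample submission combining the problems described in the thread.
$sample = [
    'title' => 'Cheap pills http://spam.example/buy',
    'version' => '11111111111111111111111',
    'browse_url' => 'http://spam.example/',
];
foreach (validateAssetEdit($sample) as $field => $messages) {
    foreach ($messages as $message) {
        echo "{$field}: {$message}\n";
    }
}
```

An empty return value means the submission may proceed; any entry should block the edit before it reaches the database or the moderation queue.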