diff options
author | Ben Morrison <ben@gbmor.dev> | 2019-08-30 17:46:23 -0400 |
---|---|---|
committer | Ben Morrison <ben@gbmor.dev> | 2019-08-30 17:46:23 -0400 |
commit | e276b9bfaf5795ed9e5ec4896fc9d2678ff8e51c (patch) | |
tree | 64ecbe963d5fc8e7356729572a25213951b29b0e /src | |
parent | ebc4efa5d0cc8bf552d528baa5b4e68956aea764 (diff) | |
download | clinte-e276b9bfaf5795ed9e5ec4896fc9d2678ff8e51c.tar.gz |
ensure submitted posts are utf8
Diffstat (limited to 'src')
-rw-r--r-- | src/db.rs | 2 | ||||
-rw-r--r-- | src/main.rs | 23 |
2 files changed, 20 insertions, 5 deletions
diff --git a/src/db.rs b/src/db.rs index 07655c5..b79a789 100644 --- a/src/db.rs +++ b/src/db.rs @@ -31,7 +31,7 @@ impl Conn { conn.execute( "CREATE TABLE IF NOT EXISTS posts ( - id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, + id INTEGER PRIMARY KEY NOT NULL, title TEXT NOT NULL, author TEXT NOT NULL, body TEXT NOT NULL diff --git a/src/main.rs b/src/main.rs index ff1783a..6eb06fa 100644 --- a/src/main.rs +++ b/src/main.rs @@ -50,14 +50,28 @@ fn main() { list_matches(&db); } +// Make sure nobody encodes narsty characters +// into a message to negatively affect other +// users +fn str_to_utf8(str: &str) -> String { + str.chars() + .map(|c| { + let mut buf = [0; 4]; + c.encode_utf8(&mut buf).to_string() + }) + .collect::<String>() +} + fn list_matches(db: &db::Conn) { let mut stmt = db.conn.prepare("SELECT * FROM posts").unwrap(); let out = stmt .query_map(rusqlite::NO_PARAMS, |row| { - let id = row.get(0)?; - let title = row.get(1)?; - let author = row.get(2)?; - let body = row.get(3)?; + let id: u32 = row.get(0)?; + let title: String = row.get(1)?; + let author: String = row.get(2)?; + let body: String = row.get(3)?; + let title = str_to_utf8(&title); + let body = str_to_utf8(&body); Ok(db::Post { id, title, @@ -191,6 +205,7 @@ fn delete(db: &db::Conn) { let mut id_num_in = String::new(); io::stdin().read_line(&mut id_num_in).unwrap(); let id_num_in: u32 = id_num_in.trim().parse().unwrap(); + println!(); let del_stmt = format!("DELETE FROM posts WHERE id = {}", id_num_in); let get_stmt = format!("SELECT * FROM posts WHERE id = {}", id_num_in); |