From e276b9bfaf5795ed9e5ec4896fc9d2678ff8e51c Mon Sep 17 00:00:00 2001
From: Ben Morrison
Date: Fri, 30 Aug 2019 17:46:23 -0400
Subject: ensure submitted posts are utf8
---
 src/db.rs | 2 +-
 src/main.rs | 23 +++++++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/db.rs b/src/db.rs
index 07655c5..b79a789 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -31,7 +31,7 @@ impl Conn {
 conn.execute(
 "CREATE TABLE IF NOT EXISTS posts (
- id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ id INTEGER PRIMARY KEY NOT NULL,
 title TEXT NOT NULL,
 author TEXT NOT NULL,
 body TEXT NOT NULL
diff --git a/src/main.rs b/src/main.rs
index ff1783a..6eb06fa 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -50,14 +50,28 @@ fn main() {
 list_matches(&db);
 }
+// Make sure nobody encodes narsty characters
+// into a message to negatively affect other
+// users
+fn str_to_utf8(str: &str) -> String {
+ str.chars()
+ .map(|c| {
+ let mut buf = [0; 4];
+ c.encode_utf8(&mut buf).to_string()
+ })
+ .collect::()
+}
+
 fn list_matches(db: &db::Conn) {
 let mut stmt = db.conn.prepare("SELECT * FROM posts").unwrap();
 let out = stmt
 .query_map(rusqlite::NO_PARAMS, |row| {
- let id = row.get(0)?;
- let title = row.get(1)?;
- let author = row.get(2)?;
- let body = row.get(3)?;
+ let id: u32 = row.get(0)?;
+ let title: String = row.get(1)?;
+ let author: String = row.get(2)?;
+ let body: String = row.get(3)?;
+ let title = str_to_utf8(&title);
+ let body = str_to_utf8(&body);
 Ok(db::Post {
 id,
 title,
@@ -191,6 +205,7 @@ fn delete(db: &db::Conn) {
 let mut id_num_in = String::new();
 io::stdin().read_line(&mut id_num_in).unwrap();
 let id_num_in: u32 = id_num_in.trim().parse().unwrap();
+ println!();
 let del_stmt = format!("DELETE FROM posts WHERE id = {}", id_num_in);
 let get_stmt = format!("SELECT * FROM posts WHERE id = {}", id_num_in);
-- cgit 1.4.1-2-gfad0
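Review bot: Dropping `AUTOINCREMENT` from the `id` column in the src/db.rs hunk means SQLite may hand out an id again once the row holding the highest id has been deleted, so an id a user noted earlier can later refer to a different post. Because the statement is `CREATE TABLE IF NOT EXISTS`, databases created before this commit keep the old column definition, and the two populations will behave differently. The commit subject does not mention the schema change, so if the reuse is intended I would record it next to the statement, e.g. `// ids may be reused after the newest post is deleted; AUTOINCREMENT omitted on purpose`. The `conn.execute(` call and its enclosing function extend beyond the hunk.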
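Review bot: `str_to_utf8` in the first src/main.rs hunk returns its input unchanged, so the protection described in the comment above it is not provided. A `&str` is already guaranteed to be valid UTF-8, and encoding each `char` back to UTF-8 and collecting rebuilds the same string. Control characters, including terminal escape sequences stored in a post, therefore still reach other users' terminals when the listing is displayed. If the goal is to neutralise them, filter here instead, e.g. `str.chars().filter(|c| !c.is_control() || *c == '\n').collect()`, and pass `author` through the same function, since only `title` and `body` are covered. `list_matches` continues past the end of the hunk, so how the fields are printed is not visible here.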