fix character length validation

AndrewPaglusch · Jun 15, 2022 · a6d98c6 · a6d98c6
1 parent 385079a
commit a6d98c6
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/index.php b/index.php
@@ -67,7 +67,10 @@ function display_secret_code() {
 		global $settings;
 
 		# verify secret length isnt too long
-		if ( strlen($_POST['secret']) > $settings['max_secret_length'] ) { throw new exception($settings['messages']['error_secret_too_long']); }
+		# newlines are always \r\n, so replace with \n so the strlen count is accurate
+		if ( strlen(str_replace("\r\n", "\n", $_POST['secret'])) > $settings['max_secret_length'] ) {
+			throw new exception($settings['messages']['error_secret_too_long']);
+		}
 
 		$message = store_secret($_POST['secret'], $settings);