[Travel Feed] Title validation allows invalid permlink to be added to broadcast
Project Information
Repository: https://github.com/travelfeed-io/travelfeed-io/
Project Name: Travel Feed
Describe the bug
If you attempt to create a post with a title using only characters such as "-----" this will cause an error during a broadcast, this is because of the stripping of these "---" prior to posting within the permlink.
Note: This will also occur with combinations of ! #, I'm sure there are also other characters that would provide this behavior.
To Reproduce
Steps to reproduce the behavior:
- Go to https://travelfeed.io/ and sign in.
- Go to the create post within travel feed
- Enter a title that such as "-------"
- Enter any post body that meets the validation of 250 words.
- Publish the post
- Note that the post cannot be created.
Expected behavior
When a user creates an uses a title such as "-----" they should not be able to submit the post until it would create a valid permlink, alternatively the post should be able to be submitted and a permalink is generated by Travel Feed.
Error Details
Upon submission the following error code is provided:
error: "server_error"
error_description: "permlink.size() > STEEM_MIN_PERMLINK_LENGTH && permlink.size() < STEEM_MAX_PERMLINK_LENGTH: Permlink is not a valid size."
Request Payload
The following shows the request payload, you can see that the permlink sent in the request is an empty string.
{
"operations":[
[
"comment",
{
"parent_author":"",
"parent_permlink":"travelfeed",
"author":"votezilla",
"permlink":"",
"title":"-------------",
"body":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam sed arcu interdum, luctus augue eget, rhoncus turpis. Etiam id erat non metus mattis pellentesque nec non ante. ",
"json_metadata":"{\"tags\":[\"travelfeed\"],\"app\":\"travelfeed/1.0.0\",\"community\":\"travelfeed\",\"image\":[],\"links\":[],\"users\":[]}"
}
]
]
}
Resolution
The following is able to be passed into the permlink of Steem:
- A - Z or 0 - 9 Characters
- A hyphen (-)
- Min Length of 1
- Max Length of 255
If the chosen method is to use the title, the validation should be adjusted to use these characters or optimally, upon post the title should allow any characters as mentioned, thus giving a user full control and the characters that don't meet the above should be substituted. In the event a user only passes illegal characters for the permlink, a permlink should be generated by checking the length prior to broadcast.
Environment
- Browser: Google Chrome (Version 75.0.3770.100 (Official Build) (64-bit))
- Device: MacBook Pro (Retina, 15-inch, Late 2013)
- Operating system: MacOS Mojave Version 10.14.4
GitHub Account
A link to my GitHub account can be found here:
A link to the issue reported on GitHub can be found here:
Hi @tobias-g, thanks for making this contribution
It is very well detailed. I like that you included an analysis. It helped bring to light what exactly went wrong. Your answers to the PO's questions were solid as well. This sets an example that other hunters can and should follow.
If I understood very well, sanitizing the title input (in the case of "____") for illegal characters returned an empty string. So you are suggesting that instead of removing the characters, they should be replaced by something else. Or this should apply only when all the characters provided are illegal?
Great report. I look forward to your next contribution :)
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Chat with us on Discord.
[utopian-moderator]
Thank you for your review, @fego! Keep up the good work!
Hi, @tobias-g!
You just got a 0.82% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.
Hi @tobias-g!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server
As previously discussed on Github, thanks a lot for this bug report! We love seeing contributions to TravelFeed
Hey, @tobias-g!
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!