Merge branch 'advisory-fix-1' of github.com:onionshare/onionshare-ghsa-pmjc-j5gp-7hcj into release-2.6.2

cli/onionshare_cli/resources/templates/receive.html

@@ -53,7 +53,7 @@
       <p><input type="file" id="file-select" name="file[]" multiple /></p>
       {% endif %}
       {% if not disable_text %}
-      <p><textarea id="text" name="text" placeholder="Write a message"></textarea></p>
+      <p><textarea id="text" name="text" placeholder="Write a message (max length 524288 characters)" maxlength="524288"></textarea></p>
       {% endif %}
       <p><button type="submit" id="send-button" class="button">Submit</button></p>
     </form>

cli/onionshare_cli/web/receive_mode.py

@@ -194,7 +194,10 @@ class ReceiveModeWeb:
                 if files_received > 0:
                     msg = f"Uploaded {files_msg}"
                 else:
-                    msg = "Nothing submitted"
+                   if not self.web.settings.get("receive", "disable_text"):
+                       msg = "Nothing submitted or message was too long (> 524288 characters)"
+                   else:
+                       msg = "Nothing submitted"
 
             if ajax:
                 info_flashes.append(msg)
@@ -462,7 +465,7 @@ class ReceiveModeRequest(Request):
                 self.includes_message = False
                 if not self.web.settings.get("receive", "disable_text"):
                     text_message = self.form.get("text")
-                    if text_message:
+                    if text_message and len(text_message) <= 524288:
                         if text_message.strip() != "":
                             self.includes_message = True