summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/rhimportd/uploadWeb.go13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/rhimportd/uploadWeb.go b/src/rhimportd/uploadWeb.go
index 02d918c..e0326ad 100644
--- a/src/rhimportd/uploadWeb.go
+++ b/src/rhimportd/uploadWeb.go
@@ -57,6 +57,10 @@ func webUploadResponse(w http.ResponseWriter, file string) {
encoder.Encode(respdata)
}
+const (
+ webUploadMaxRequestSize = 2 << 30 // 2GB
+)
+
func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport.SessionStoreChan, trusted bool, w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
http.ServeFile(w, r, "./html/upload-form.html")
@@ -69,7 +73,14 @@ func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport
return
}
- if err := r.ParseMultipartForm(2 << 30); err != nil { // TODO: howto limit max file size???
+ // This is from: stackoverflow.com/questions/26392196
+ if r.ContentLength > webUploadMaxRequestSize {
+ rhl.Printf("WebUploadHandler: request ist to large: %d > %d", r.ContentLength, webUploadMaxRequestSize)
+ webUploadErrorResponse(w, http.StatusExpectationFailed, "request too large")
+ return
+ }
+ r.Body = http.MaxBytesReader(w, r.Body, webUploadMaxRequestSize)
+ if err := r.ParseMultipartForm(32 << 10); err != nil {
rhl.Printf("WebUploadHandler: error while parsing multi-part-form: %v", err)
webUploadErrorResponse(w, http.StatusBadRequest, err.Error())
return