ensure uploaded content is utf8 and not larger than 1 MiB

Vegard Berg 2023-09-13 17:12:03 +02:00
parent d86bc6e1db
commit 70592bfcd0
1 changed files with 14 additions and 0 deletions


@ -5,6 +5,7 @@ import (
"io" "io"
"mime/multipart" "mime/multipart"
"net/http" "net/http"
"unicode/utf8"
"git.myrkvi.com/myrkvi/bin/global" "git.myrkvi.com/myrkvi/bin/global"
"git.myrkvi.com/myrkvi/bin/models" "git.myrkvi.com/myrkvi/bin/models"
@ -40,6 +41,11 @@ func PostNewHandler(c echo.Context) error {
} }
if file != nil { if file != nil {
// Don't bother trying to convert the contents into a string if it is too large.
if file.Size > 1024*1024 {
return utils.RenderErrorToast(c, "file cannot be larger than 1 MiB")
}
text, err = getTextFromFile(file) text, err = getTextFromFile(file)
if name == "" { if name == "" {
name = file.Filename name = file.Filename
@ -48,6 +54,14 @@ func PostNewHandler(c echo.Context) error {
return utils.RenderErrorToast(c, "server-side error occurred") return utils.RenderErrorToast(c, "server-side error occurred")
} }
} }
if len([]byte(text)) > 1024*1024 {
return utils.RenderErrorToast(c, "file cannot be larger than 1 MiB")
}
if !utf8.ValidString(text) {
return utils.RenderErrorToast(c, "submitted content must be utf8")
}
// Determine language from file extension if not set. // Determine language from file extension if not set.
if lang == "" && name != "" { if lang == "" && name != "" {
lexer := lexers.Match(name) lexer := lexers.Match(name)
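Review bot: The `file.Size > 1024*1024` guard in PostNewHandler only runs once a `multipart.FileHeader` exists, which means the multipart body has already been read and buffered (in memory or in temp files) by the time it rejects the upload. It avoids the string conversion but does not bound what a client can send. If no request-body cap is configured where the routes are registered (not visible in this diff), add one there, for example echo's `middleware.BodyLimit` or `http.MaxBytesReader`, set slightly above 1 MiB to leave room for the other form fields and multipart framing. Separately, `len([]byte(text))` is equivalent to `len(text)`, and the limit is worth naming once, e.g. `const maxContentBytes = 1 << 20`, so the two checks cannot drift apart. PostNewHandler begins and ends outside these hunks, so how `file` and `text` are obtained is inferred.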