X-Git-Url: https://git.distorted.org.uk/~mdw/odin-cgi/blobdiff_plain/f5224f759ab768753bc456f3e000dc31a5b50575..fc8074b35d1b16d35726247fcc0dc86d59b83a3a:/lib/Odin.pm

diff --git a/lib/Odin.pm b/lib/Odin.pm
index 551c51f..26a2f80 100644
--- a/lib/Odin.pm
+++ b/lib/Odin.pm
@@ -33,6 +33,8 @@ our @URLPAT = (
   qr{^https?://}
 );
 
+our $PASTEMAXLEN = 1024*1024;
+
 our %COOKIE_DEFAULTS = (
   -httponly => undef,
   -max_age => 3600
@@ -427,6 +429,8 @@ sub tidy_pastebin_content ($) {
   return undef unless defined $content;
   $content =~ tr/\r//d;
   $content =~ s/([^\n])\z/$1\n/;
+  length $content <= $PASTEMAXLEN or
+    fail "invalid paste content", ".badpaste";
   return $content;
 }