lib/Odin.pm, mason/pastebin/dhandler: Apply a size limit on pastes.

author Mark Wooding <mdw@distorted.org.uk>

Fri, 24 Jul 2015 17:46:40 +0000 (18:46 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Fri, 24 Jul 2015 18:17:00 +0000 (19:17 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Fri, 24 Jul 2015 17:46:40 +0000 (18:46 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Fri, 24 Jul 2015 18:17:00 +0000 (19:17 +0100)
diff --git a/lib/Odin.pm b/lib/Odin.pm

index 551c51f..26a2f80 100644 (file)
--- a/lib/Odin.pm
+++ b/lib/Odin.pm
@@ -33,6 +33,8 @@ our @URLPAT = (
    qr{^https?://}
  );
  
+our $PASTEMAXLEN = 1024*1024;
+
  our %COOKIE_DEFAULTS = (
    -httponly => undef,
    -max_age => 3600
@@ -427,6 +429,8 @@ sub tidy_pastebin_content ($) {
    return undef unless defined $content;
    $content =~ tr/\r//d;
    $content =~ s/([^\n])\z/$1\n/;
+  length $content <= $PASTEMAXLEN or
+    fail "invalid paste content", ".badpaste";
    return $content;
  }
  
diff --git a/mason/pastebin/dhandler b/mason/pastebin/dhandler

index d798eef..8583981 100644 (file)
--- a/mason/pastebin/dhandler
+++ b/mason/pastebin/dhandler
@@ -76,6 +76,15 @@ tag &lsquo;<% $tag %>&rsquo; not found
  </%args>
  </%def>
  %#
+<%def .badpaste>
+<&| SELF:error, status => 400 &>\
+invalid paste content
+</&>
+<%args>
+       $tag
+</%args>
+</%def>
+%#
  <%def .badhash>
  <&| SELF:error, status => 403 &>\
  incorrect edit key
author	Mark Wooding <mdw@distorted.org.uk>
	Fri, 24 Jul 2015 17:46:40 +0000 (18:46 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Fri, 24 Jul 2015 18:17:00 +0000 (19:17 +0100)
lib/Odin.pm		patch \| blob \| blame \| history
mason/pastebin/dhandler		patch \| blob \| blame \| history