prosody
a853a018eede
plugins/mod_http_file_share.lua
Software / code / prosody
Comparison
plugins/mod_http_file_share.lua @ 11323:a853a018eede
mod_http_file_share: Validate file size early in HTTP PUT request
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 27 Jan 2021 17:47:04 +0100 |
| parent | 11322:4ade9810ce35 |
| child | 11324:494761f5d7da |
comparison
equal
deleted
inserted
replaced
| 11322:4ade9810ce35 | 11323:a853a018eede |
|---|---|
| 163 end | 163 end |
| 164 if not path or upload_info.slot ~= path:match("^[^/]+") then | 164 if not path or upload_info.slot ~= path:match("^[^/]+") then |
| 165 module:log("debug", "Invalid upload slot: %q, path: %q", upload_info.slot, path); | 165 module:log("debug", "Invalid upload slot: %q, path: %q", upload_info.slot, path); |
| 166 return 400; | 166 return 400; |
| 167 end | 167 end |
| 168 if request.headers.content_length and tonumber(request.headers.content_length) ~= upload_info.filesize then | |
| 169 return 413; | |
| 170 -- Note: We don't know the size if the upload is streamed in chunked encoding, | |
| 171 -- so we also check the final file size on completion. | |
| 172 end | |
| 168 | 173 |
| 169 local filename = dm.getpath(upload_info.slot, module.host, module.name, nil, true); | 174 local filename = dm.getpath(upload_info.slot, module.host, module.name, nil, true); |
| 170 | 175 |
| 171 if not request.body_sink then | 176 if not request.body_sink then |
| 172 module:log("debug", "Preparing to receive upload into %q, expecting %s", filename, B(upload_info.filesize)); | 177 module:log("debug", "Preparing to receive upload into %q, expecting %s", filename, B(upload_info.filesize)); |
