Software / code / prosody
Diff
plugins/mod_http_file_share.lua @ 11319:a4b299e37909
mod_http_file_share: Reject invalid file sizes
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 27 Jan 2021 00:36:49 +0100 |
| parent | 11318:3b16aba6285f |
| child | 11320:817cadf6be92 |
line wrap: on
line diff
--- a/plugins/mod_http_file_share.lua Wed Jan 27 00:29:12 2021 +0100 +++ b/plugins/mod_http_file_share.lua Wed Jan 27 00:36:49 2021 +0100 @@ -48,6 +48,7 @@ filetype = { type = "modify"; condition = "not-acceptable"; text = "File type not allowed" }; filesize = { type = "modify"; condition = "not-acceptable"; text = "File too large"; extra = {tag = st.stanza("file-too-large", {xmlns = namespace}):tag("max-file-size"):text(tostring(file_size_limit)) }; + filesizefmt = { type = "modify"; condition = "bad-request"; text = "File size must be positive integer"; } }; }); @@ -62,6 +63,9 @@ return false, upload_errors.new("filename"); end + if not filesize or filesize < 0 or filesize % 1 ~= 0 then + return false, upload_errors.new("filesizefmt"); + end if filesize > file_size_limit then return false, upload_errors.new("filesize"); end
