mirror of
https://github.com/astaxie/beego.git
synced 2024-11-21 17:50:53 +00:00
Merge pull request #4275 from flycash/fix-4224
add MaxUploadFile to provide more safety uploading controll
This commit is contained in:
commit
03ba495b7f
@ -43,7 +43,11 @@ type Config struct {
|
||||
RecoverFunc func(*context.Context, *Config)
|
||||
CopyRequestBody bool
|
||||
EnableGzip bool
|
||||
// MaxMemory and MaxUploadSize are used to limit the request body
|
||||
// if the request is not uploading file, MaxMemory is the max size of request body
|
||||
// if the request is uploading file, MaxUploadSize is the max size of request body
|
||||
MaxMemory int64
|
||||
MaxUploadSize int64
|
||||
EnableErrorsShow bool
|
||||
EnableErrorsRender bool
|
||||
Listen Listen
|
||||
@ -215,6 +219,7 @@ func newBConfig() *Config {
|
||||
CopyRequestBody: false,
|
||||
EnableGzip: false,
|
||||
MaxMemory: 1 << 26, // 64MB
|
||||
MaxUploadSize: 1 << 30, // 1GB
|
||||
EnableErrorsShow: true,
|
||||
EnableErrorsRender: true,
|
||||
Listen: Listen{
|
||||
@ -302,7 +307,7 @@ func assignConfig(ac config.Configer) error {
|
||||
|
||||
err := ac.Unmarshaler("", BConfig)
|
||||
if err != nil {
|
||||
_, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf("Unmarshaler config file to BConfig failed. " +
|
||||
_, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf("Unmarshaler config file to BConfig failed. "+
|
||||
"And if you are working on v1.x config file, please ignore this, err: %s", err))
|
||||
return err
|
||||
}
|
||||
|
@ -423,8 +423,7 @@ func (input *BeegoInput) SetData(key, val interface{}) {
|
||||
// ParseFormOrMultiForm parseForm or parseMultiForm based on Content-type
|
||||
func (input *BeegoInput) ParseFormOrMultiForm(maxMemory int64) error {
|
||||
// Parse the body depending on the content type.
|
||||
input.Context.Request.Body = http.MaxBytesReader(input.Context.ResponseWriter, input.Context.Request.Body, maxMemory)
|
||||
if strings.Contains(input.Header("Content-Type"), "multipart/form-data") {
|
||||
if input.IsUpload() {
|
||||
if err := input.Context.Request.ParseMultipartForm(maxMemory); err != nil {
|
||||
return errors.New("Error parsing request body:" + err.Error())
|
||||
}
|
||||
|
@ -710,7 +710,12 @@ func (p *ControllerRegister) serveHttp(ctx *beecontext.Context) {
|
||||
}
|
||||
|
||||
if r.Method != http.MethodGet && r.Method != http.MethodHead {
|
||||
if p.cfg.CopyRequestBody && !ctx.Input.IsUpload() {
|
||||
|
||||
if ctx.Input.IsUpload() {
|
||||
ctx.Input.Context.Request.Body = http.MaxBytesReader(ctx.Input.Context.ResponseWriter,
|
||||
ctx.Input.Context.Request.Body,
|
||||
p.cfg.MaxUploadSize)
|
||||
} else if p.cfg.CopyRequestBody {
|
||||
// connection will close if the incoming data are larger (RFC 7231, 6.5.11)
|
||||
if r.ContentLength > p.cfg.MaxMemory {
|
||||
logs.Error(errors.New("payload too large"))
|
||||
@ -718,6 +723,10 @@ func (p *ControllerRegister) serveHttp(ctx *beecontext.Context) {
|
||||
goto Admin
|
||||
}
|
||||
ctx.Input.CopyBody(p.cfg.MaxMemory)
|
||||
} else {
|
||||
ctx.Input.Context.Request.Body = http.MaxBytesReader(ctx.Input.Context.ResponseWriter,
|
||||
ctx.Input.Context.Request.Body,
|
||||
p.cfg.MaxMemory)
|
||||
}
|
||||
|
||||
err = ctx.Input.ParseFormOrMultiForm(p.cfg.MaxMemory)
|
||||
|
Loading…
Reference in New Issue
Block a user