mirror of
https://github.com/astaxie/beego.git
synced 2024-11-22 07:50:54 +00:00
Added MaxMemory limit to CopyBody()
Beego only uses the MaxMemory flag when using go's built in functions for parsing forms. However the CopyBody() function have no limit an will coppy anny amount of data into memory using ioutil.ReedAll() on the request body whitout anny size validation or limit. This fix wrapps input.Requst.Body in a LimitedReader using the same memory limit as ParseFormOrMulitForm()
This commit is contained in:
parent
1576add9a2
commit
52c4c1fb98
@ -17,6 +17,7 @@ package context
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/url"
|
||||
"reflect"
|
||||
@ -296,8 +297,9 @@ func (input *BeegoInput) Session(key interface{}) interface{} {
|
||||
}
|
||||
|
||||
// CopyBody returns the raw request body data as bytes.
|
||||
func (input *BeegoInput) CopyBody() []byte {
|
||||
requestbody, _ := ioutil.ReadAll(input.Context.Request.Body)
|
||||
func (input *BeegoInput) CopyBody(MaxMemory int64) []byte {
|
||||
safe := &io.LimitedReader{R:input.Context.Request.Body, N:MaxMemory}
|
||||
requestbody, _ := ioutil.ReadAll(safe)
|
||||
input.Context.Request.Body.Close()
|
||||
bf := bytes.NewBuffer(requestbody)
|
||||
input.Context.Request.Body = ioutil.NopCloser(bf)
|
||||
|
@ -659,7 +659,7 @@ func (p *ControllerRegister) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
||||
|
||||
if r.Method != "GET" && r.Method != "HEAD" {
|
||||
if BConfig.CopyRequestBody && !context.Input.IsUpload() {
|
||||
context.Input.CopyBody()
|
||||
context.Input.CopyBody(BConfig.MaxMemory)
|
||||
}
|
||||
context.Input.ParseFormOrMulitForm(BConfig.MaxMemory)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user