Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check length of response

Browse Source
This commit is contained in:
Oliver Walters 2021-03-17 23:11:38 +11:00
parent be30933bfa
commit 8b310d8e47
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
InvenTree/part/views.py
View File

@ -872,6 +872,22 @@ class PartImageDownloadFromURL(AjaxUpdateView):
# Download the file # Download the file
response = requests.get(url, stream=True) response = requests.get(url, stream=True)
# Look at response header, reject if too large
content_length = response.headers.get('Content-Length', '0')
try:
content_length = int(content_length)
except (ValueError):
# If we cannot extract meaningful length, just assume it's "small enough"
content_length = 0
# TODO: Factor this out into a configurable setting
MAX_IMG_LENGTH = 10 * 1024 * 1024
if content_length > MAX_IMG_LENGTH:
form.add_error('url', _('Image size exceeds maximum allowable size for download'))
return
self.response = response self.response = response
# Check for valid response code # Check for valid response code