# HG changeset patch # User Kim Alvefur # Date 1442227794 -7200 # Node ID 03c5639882a771d56458b57f663c4dfa77df73ae # Parent e3a0ebe671cc05622627f799344eadebc095fda3 mod_http_upload: Add support for a file size limit diff -r e3a0ebe671cc -r 03c5639882a7 mod_http_upload/README.markdown --- a/mod_http_upload/README.markdown Mon Sep 14 12:45:00 2015 +0200 +++ b/mod_http_upload/README.markdown Mon Sep 14 12:49:54 2015 +0200 @@ -39,6 +39,15 @@ "http_upload"; } +Limits +------ + +A maximum file size can be set by: + +``` {.lua} +http_upload_file_size_limit = 10 * 1024 * 1024 -- this is 10MB in bytes +``` + Compatibility ============= diff -r e3a0ebe671cc -r 03c5639882a7 mod_http_upload/mod_http_upload.lua --- a/mod_http_upload/mod_http_upload.lua Mon Sep 14 12:45:00 2015 +0200 +++ b/mod_http_upload/mod_http_upload.lua Mon Sep 14 12:49:54 2015 +0200 @@ -16,6 +16,9 @@ return a .. package.config:sub(1,1) .. b; end +-- config +local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 10 * 1024 * 1024); -- 10 MB + -- depends module:depends("http"); module:depends("disco"); @@ -46,6 +49,16 @@ origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid filename")); return true; end + local filesize = tonumber(request:get_child_text("size")); + if not filesize then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing or invalid file size")); + return true; + elseif filesize > file_size_limit then + origin.send(st.error_reply(stanza, "modify", "not-acceptable", "File too large", + st.stanza("file-too-large", {xmlns=xmlns_http_upload}) + :tag("max-size"):text(tostring(file_size_limit)))); + return true; + end local reply = st.reply(stanza); reply:tag("slot", { xmlns = xmlns_http_upload }); local random = uuid(); @@ -66,6 +79,10 @@ if not random then return 400; end + if #event.request.body > file_size_limit then + module:log("error", "Uploaded file too large %d bytes", #event.request.body); + return 400; + end local dirname = join_path(storage_path, random); if not lfs.mkdir(dirname) then module:log("error", "Could not create directory %s for upload", dirname);