lod/0x0
1
0
Fork 0
forked from mia/0x0
Code Pull requests Activity

Prevent unreasonably long MIME types

Browse source
This commit is contained in:
Mia Herkt 2022-12-13 23:41:12 +01:00
parent 77801efd21
commit 57c4b6853f
No known key found for this signature in database
GPG key ID: 72E154B8622EC191
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
fhost.py
View file

@ -227,6 +227,9 @@ class File(db.Model):
if mime in app.config["FHOST_MIME_BLACKLIST"] or guess in app.config["FHOST_MIME_BLACKLIST"]:
abort(415)
if len(mime) > 128:
abort(400)
if mime.startswith("text/") and not "charset" in mime:
mime += "; charset=utf-8"