Prevent unreasonably long MIME types

2022-12-13 23:41:12 +01:00 · 2022-12-13 23:41:12 +01:00 · 57c4b6853f
parent 77801efd21
commit 57c4b6853f
1 changed files with 3 additions and 0 deletions
--- a/fhost.py
+++ b/fhost.py
@ -227,6 +227,9 @@ class File(db.Model):
            if mime in app.config["FHOST_MIME_BLACKLIST"] or guess in app.config["FHOST_MIME_BLACKLIST"]:
                abort(415)

+            if len(mime) > 128:
+                abort(400)
+
            if mime.startswith("text/") and not "charset" in mime:
                mime += "; charset=utf-8"