Prevent unreasonably long MIME types

This commit is contained in:
Mia Herkt 2022-12-13 23:41:12 +01:00
parent 77801efd21
commit 57c4b6853f
No known key found for this signature in database
GPG Key ID: 72E154B8622EC191

View File

@ -227,6 +227,9 @@ class File(db.Model):
if mime in app.config["FHOST_MIME_BLACKLIST"] or guess in app.config["FHOST_MIME_BLACKLIST"]:
abort(415)
if len(mime) > 128:
abort(400)
if mime.startswith("text/") and not "charset" in mime:
mime += "; charset=utf-8"