diff --git a/conf.py.sample b/conf.py.sample index 85ade3a..db9c184 100644 --- a/conf.py.sample +++ b/conf.py.sample @@ -23,6 +23,9 @@ config["ALLOWED_EXTENSIONS"] = set(['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif']) config["DELETE_FILES"] = True config["TIME"] = 30 config["CLEAN_INTERVAL"] = 120 +# If possible, make your web server return a 413 instead of using this +config["CHECK_FILESIZE"] = True +config["MAX_FILESIZE"] = 1024 * 1024 * 100 # 100 MiB # Site info displayed to the user config["SITE_DATA"] = { diff --git a/run.py b/run.py index 5049387..869eb87 100755 --- a/run.py +++ b/run.py @@ -79,6 +79,10 @@ def upload_file(): # Only continue if a file that's allowed gets submitted. if file and allowed_file(file.filename): + if config["CHECK_FILESIZE"]: + data = request.files["file"].read() + if len(data) >= config["MAX_FILESIZE"]: + return error_page("O-o-onii-chan, noo it's too big ~~"), 413 filename = secure_filename(file.filename) while os.path.exists(os.path.join(config["UPLOAD_FOLDER"], filename)): filename = str(randint(1000,8999)) + '-' + secure_filename(filename)