Read max 6MB from archive to protect against tar/zipbombs
This commit is contained in:
parent
e525ea2431
commit
2777c4c537
1 changed files with 1 additions and 1 deletions
|
@ -66,7 +66,7 @@ class UiRequestPlugin(object):
|
|||
return super(UiRequestPlugin, self).actionSiteMedia(path, **kwargs)
|
||||
|
||||
def streamFile(self, file):
|
||||
while 1:
|
||||
for i in range(100): # Read max 6MB
|
||||
try:
|
||||
block = file.read(60 * 1024)
|
||||
if block:
|
||||
|
|
Loading…
Reference in a new issue