Prevent import of insanely large files

This commit is contained in:
Samantaz Fox 2022-01-12 01:28:58 +01:00
parent 2a541cb4d5
commit 81a2300af8
No known key found for this signature in database
GPG Key ID: F42821059186176E

View File

@ -4,7 +4,15 @@ def parse_subscription_export_csv(csv_content : String)
rows = CSV.new(csv_content, headers: true) rows = CSV.new(csv_content, headers: true)
subscriptions = Array(String).new subscriptions = Array(String).new
# Counter to limit the amount of imports.
# This is intended to prevent DoS.
row_counter = 0
rows.each do |row| rows.each do |row|
# Limit to 1200
row_counter += 1
break if row_counter > 1_200
# Channel ID is the first column in the csv export we can't use the header # Channel ID is the first column in the csv export we can't use the header
# name, because the header name is localized depending on the # name, because the header name is localized depending on the
# language the user has set on their account # language the user has set on their account