Use configured size limit to keep previews in check.

2025-02-01 07:49:10 +00:00 · 2012-07-23 15:38:06 +12:00 · 2012-07-23 15:38:06 +12:00 · 3027aae142
commit 3027aae142
parent 5283bb2507
3 changed files with 14 additions and 15 deletions
--- a/libpathod/app.py
+++ b/libpathod/app.py
@ -62,7 +62,6 @@ def onelog(lid):
    return render_template("onelog.html", section="log", alog=l, lid=lid)


-SANITY = 1024*1024
@app.route('/preview')
 def preview():
    spec = request.args["spec"]
@ -78,11 +77,8 @@ def preview():
        args["syntaxerror"] = str(v)
        args["marked"] = v.marked()
        return render_template("preview.html", **args)
-    if r.length() > SANITY:
-        error = "Refusing to preview a response of %s bytes. This is for your own good."%r.length()
-        args["error"] = error
-    else:
+
    s = cStringIO.StringIO()
-        r.serve(s)
+    r.serve(s, check=app.config["pathod"].check_size)
    args["output"] = s.getvalue()
    return render_template("preview.html", **args)
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@ -83,7 +83,7 @@ class PathodHandler(tcp.BaseHandler):
            httpversion = httpversion,
        )
        if crafted:
-            response_log = crafted.serve(self.wfile, self.check_size)
+            response_log = crafted.serve(self.wfile, self.server.check_size)
            self.server.add_log(
                dict(
                    type = "crafted",
@ -107,11 +107,6 @@ class PathodHandler(tcp.BaseHandler):
            self.debug("%s %s"%(method, path))
        return True

-    def check_size(self, req, actions):
-        if self.server.sizelimit and req.effective_length(actions) > self.server.sizelimit:
-            return "Response too large."
-        return False
-
    def handle(self):
        if self.server.ssloptions:
            try:
@ -179,6 +174,14 @@ class Pathod(tcp.TCPServer):
                    raise PathodError("Invalid page spec in anchor: '%s', %s"%(i[1], str(v)))
                self.anchors.append((arex, aresp))

+    def check_size(self, req, actions):
+        """
+            A policy check that verifies the request size is withing limits.
+        """
+        if self.sizelimit and req.effective_length(actions) > self.sizelimit:
+            return "Response too large."
+        return False
+
    @property
    def request_settings(self):
        return dict(
--- a/libpathod/rparse.py
+++ b/libpathod/rparse.py
@ -708,7 +708,7 @@ class PathodErrorResponse(Response):
        Response.__init__(self)
        self.code = 800
        self.msg = LiteralGenerator(msg)
-        self.body = LiteralGenerator(body or msg)
+        self.body = LiteralGenerator("pathod error: " + (body or msg))
        self.headers = [
            (
                LiteralGenerator("Content-Type"),