Skip to content

G
golang
Commit ec3fe2a5 authored by Brad Fitzpatrick's avatar Brad Fitzpatrick
Browse files
Options

http: put a limit on POST size 

R=rsc
CC=golang-dev
https://golang.org/cl/4432076
parent 6e71e1ca
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 1 deletion
src/pkg/http/request.go
View file @ ec3fe2a5
...@@ -596,13 +596,17 @@ func (r *Request) ParseForm() (err os.Error) { ...@@ -596,13 +596,17 @@ func (r *Request) ParseForm() (err os.Error) {
ct := r.Header.Get("Content-Type") ct := r.Header.Get("Content-Type")
switch strings.Split(ct, ";", 2)[0] { switch strings.Split(ct, ";", 2)[0] {
case "text/plain", "application/x-www-form-urlencoded", "": case "text/plain", "application/x-www-form-urlencoded", "":
b, e := ioutil.ReadAll(r.Body) const maxFormSize = int64(10 << 20) // 10 MB is a lot of text.
b, e := ioutil.ReadAll(io.LimitReader(r.Body, maxFormSize+1))
if e != nil { if e != nil {
if err == nil { if err == nil {
err = e err = e
} }
break break
} }
if int64(len(b)) > maxFormSize {
return os.NewError("http: POST too large")
}
e = parseQuery(r.Form, string(b)) e = parseQuery(r.Form, string(b))
if err == nil { if err == nil {
err = e err = e
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment