IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Prevent Onebox cache overflow by limiting downloads and URL lengths

Browse Source
This commit is contained in:
Ted Johansson
2023-10-18 10:29:36 +08:00
committed by Krzysztof Kotlarek
parent 3c5fb871c0
commit 95a82d608d
5 changed files with 42 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/url_helper.rb
View File

@@ -1,7 +1,7 @@
# frozen_string_literal: true
class UrlHelper
MAX_URL_LENGTH = 100_000
MAX_URL_LENGTH = 2_000
# At the moment this handles invalid URLs that browser address bar accepts
# where second # is not encoded