From 067ca5bb607c3d3ca82a98304ab39dc25779ca07 Mon Sep 17 00:00:00 2001 From: Noah van der Aa Date: Mon, 21 Feb 2022 23:59:28 +0100 Subject: [PATCH] Actually enforce upload file size limit (#122) --- config/config.go | 4 ++-- router/router_server_files.go | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/config/config.go b/config/config.go index e2737f7..e0508ae 100644 --- a/config/config.go +++ b/config/config.go @@ -89,8 +89,8 @@ type ApiConfiguration struct { // servers. DisableRemoteDownload bool `json:"disable_remote_download" yaml:"disable_remote_download"` - // The maximum size for files uploaded through the Panel in bytes. - UploadLimit int `default:"100" json:"upload_limit" yaml:"upload_limit"` + // The maximum size for files uploaded through the Panel in MB. + UploadLimit int64 `default:"100" json:"upload_limit" yaml:"upload_limit"` } // RemoteQueryConfiguration defines the configuration settings for remote requests diff --git a/router/router_server_files.go b/router/router_server_files.go index b8202c3..976cd11 100644 --- a/router/router_server_files.go +++ b/router/router_server_files.go @@ -3,6 +3,7 @@ package router import ( "bufio" "context" + "github.com/pterodactyl/wings/config" "io" "mime/multipart" "net/http" @@ -537,8 +538,16 @@ func postServerUploadFiles(c *gin.Context) { directory := c.Query("directory") + maxFileSize := config.Get().Api.UploadLimit + maxFileSizeBytes := maxFileSize * 1024 * 1024 var totalSize int64 for _, header := range headers { + if header.Size > maxFileSizeBytes { + c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{ + "error": "File " + header.Filename + " is larger than the maximum file upload size of " + strconv.FormatInt(maxFileSize, 10) + " MB.", + }) + return + } totalSize += header.Size }