johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 00:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Upload: Reject files that exceed the originals limit #4929 #4895 #2049

Browse Source 
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2025-04-05 12:43:51 +02:00
parent b0e42bebf1
commit fe424d8966
5 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/fs/zip.go
View File

@@ -91,7 +91,7 @@ func ZipFile(zipWriter *zip.Writer, fileName, fileAlias string, compress bool) (
}
// Unzip extracts the contents of a zip file to the target directory.
func Unzip(zipName, dir string) (files []string, err error) {
func Unzip(zipName, dir string, sizeLimit int64) (files []string, err error) {
zipReader, err := zip.OpenReader(zipName)
if err != nil {
@@ -104,6 +104,8 @@ func Unzip(zipName, dir string) (files []string, err error) {
// Skip directories like __OSX and potentially malicious file names containing "..".
if strings.HasPrefix(zipFile.Name, "__") || strings.Contains(zipFile.Name, "..") {
continue
} else if sizeLimit > 0 && zipFile.UncompressedSize64 > uint64(sizeLimit) {
continue
}
fileName, unzipErr := UnzipFile(zipFile, dir)