changeset 116:de898247fbff

limit file count when unzipping an attachment imported from: moin--main--1.5--patch-118
author Thomas Waldmann <tw@waldmann-edv.de>
date Mon, 17 Oct 2005 23:29:32 +0000
parents 4369c2fc023a
children 4775d5ff5f40
files MoinMoin/action/AttachFile.py MoinMoin/multiconfig.py
diffstat 2 files changed, 14 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Mon Oct 17 21:38:51 2005 +0000
+++ b/MoinMoin/action/AttachFile.py	Mon Oct 17 23:29:32 2005 +0000
@@ -637,12 +637,14 @@
     valid_pathname = lambda name: (name.find('/') == -1) and (name.find('\\') == -1)
 
     filename, fpath = _access_file(pagename, request)
-    if not filename: return # error msg already sent in _access_file
+    if not filename:
+        return # error msg already sent in _access_file
 
     attachment_path = getAttachDir(request, pagename)
     single_file_size = request.cfg.unzip_single_file_size
     attachments_file_space = request.cfg.unzip_attachments_space
-    
+    max_file_count = request.cfg.unzip_file_count
+
     files = _get_files(request, pagename)
 
     msg = ""
@@ -656,11 +658,14 @@
         if zipfile.is_zipfile(fpath):
             zf = zipfile.ZipFile(fpath)
             sum_size_over_all_valid_files = 0.0
+            count_valid_files = 0
             for name in zf.namelist():
                 if valid_pathname(name):
                     sum_size_over_all_valid_files += zf.getinfo(name).file_size
+                    count_valid_files += 1
 
-            if sum_size_over_all_valid_files < available_attachments_file_space:
+            if (sum_size_over_all_valid_files < available_attachments_file_space and
+                count_valid_files < max_file_count):
                 valid_name = False
                 for name in zf.namelist():
                     if valid_pathname(name):
@@ -688,9 +693,11 @@
             else:
                 msg=_("Attachment '%(filename)s' could not be unzipped because"
                       " the resulting files would be too large (%(space)d kB"
-                      " missing).") % {'filename': filename,
-                    'space': (sum_size_over_all_valid_files -
-                              available_attachments_file_space) / 1000}
+                      " missing) or more than %(count)d files.") % {
+                        'filename': filename,
+                        'space': (sum_size_over_all_valid_files -
+                              available_attachments_file_space) / 1000,
+                        'count': max_file_count }
         else:
             msg = _('The file %(target)s is not a .zip file.' % target)
 
--- a/MoinMoin/multiconfig.py	Mon Oct 17 21:38:51 2005 +0000
+++ b/MoinMoin/multiconfig.py	Mon Oct 17 23:29:32 2005 +0000
@@ -389,6 +389,7 @@
 
     unzip_single_file_size = 2.0 * 1000**2
     unzip_attachments_space = 200.0 * 1000**2
+    unzip_file_count = 50
 
     xmlrpc_putpage_enabled = 0 # if 0, putpage will write to a test page only
     xmlrpc_putpage_trusted_only = 1 # if 1, you will need to be http auth authenticated