Skip to content

Commit

Permalink
Fix #1240: ignore files when checking request size for multipart requ…
Browse files Browse the repository at this point in the history
…ests
  • Loading branch information
EliotBerriot committed Feb 7, 2019
1 parent 60d93ed commit e93a5de
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 5 deletions.
5 changes: 4 additions & 1 deletion channels/http.py
Original file line number Diff line number Diff line change
Expand Up @@ -120,8 +120,11 @@ def __init__(self, scope, body):
# TODO: chunked bodies

# Limit the maximum request data size that will be handled in-memory.
# but only for non-multipart requests, because files are handled
# differently by django, see #1240
if (
settings.DATA_UPLOAD_MAX_MEMORY_SIZE is not None
self.content_type != "multipart/form-data"
and settings.DATA_UPLOAD_MAX_MEMORY_SIZE is not None
and self._content_length > settings.DATA_UPLOAD_MAX_MEMORY_SIZE
):
raise RequestDataTooBig(
Expand Down
34 changes: 30 additions & 4 deletions tests/test_http.py
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ def test_size_exceeded(self):
"headers": {"host": b"example.com", "content-length": b"1000"},
},
b"",
)
).body

def test_size_check_ignore_files(self):
body = (
Expand All @@ -189,10 +189,10 @@ def test_size_check_ignore_files(self):
+ b"My First Book\r\n"
+ b"--BOUNDARY\r\n"
+ b'Content-Disposition: form-data; name="pdf"; filename="book.pdf"\r\n\r\n'
+ b"FAKEPDFBYTESGOHERE"
+ b"FAKEPDFBYTESGOHERETHISISREALLYLONGBUTNOTUSEDTOCOMPUTETHESIZEOFTHEREQUEST"
+ b"--BOUNDARY--"
)
with override_settings(DATA_UPLOAD_MAX_MEMORY_SIZE=10):
with override_settings(DATA_UPLOAD_MAX_MEMORY_SIZE=60):
AsgiRequest(
{
"http_version": "1.1",
Expand All @@ -204,7 +204,33 @@ def test_size_check_ignore_files(self):
},
},
body,
)
).POST

def test_size_check_ignore_files_but_honor_other_post_data(self):
body = (
b"--BOUNDARY\r\n"
+ b'Content-Disposition: form-data; name="title"\r\n\r\n'
+ b"My First Book\r\n"
+ b"--BOUNDARY\r\n"
+ b'Content-Disposition: form-data; name="pdf"; filename="book.pdf"\r\n\r\n'
+ b"FAKEPDFBYTESGOHERETHISISREALLYLONGBUTNOTUSEDTOCOMPUTETHESIZEOFTHEREQUEST"
+ b"--BOUNDARY--"
)
request = AsgiRequest(
{
"http_version": "1.1",
"method": "POST",
"path": "/test/",
"headers": {
"content-type": b"multipart/form-data; boundary=BOUNDARY",
"content-length": str(len(body)).encode("ascii"),
},
},
body,
)
with override_settings(DATA_UPLOAD_MAX_MEMORY_SIZE=1):
with pytest.raises(RequestDataTooBig):
request.POST


### Handler tests
Expand Down

0 comments on commit e93a5de

Please sign in to comment.