| author | Samantaz Fox <coding@samantaz.fr> | 2022-01-12 01:28:58 +0100 |
|---|---|---|
| committer | Samantaz Fox <coding@samantaz.fr> | 2022-01-12 01:28:58 +0100 |
| commit | 81a2300af88c137e1c9be7577a9c68deb45499a0 (patch) | |
| tree | 418d3694559094bb77f175dd52d20c616d77ebe6 | |
| parent | 2a541cb4d5bedafdfa720ea15f245b50d51438f7 (diff) | |
Prevent import of insanely large files
| -rw-r--r-- | src/invidious/user/imports.cr | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/invidious/user/imports.cr b/src/invidious/user/imports.cr
index 98a62c17..2ae1dcb1 100644
--- a/src/invidious/user/imports.cr
+++ b/src/invidious/user/imports.cr
@@ -4,7 +4,15 @@ def parse_subscription_export_csv(csv_content : String)
 rows = CSV.new(csv_content, headers: true)
 subscriptions = Array(String).new
 
+ # Counter to limit the amount of imports.
+ # This is intended to prevent DoS.
+ row_counter = 0
+
 rows.each do |row|
+ # Limit to 1200
+ row_counter += 1
+ break if row_counter > 1_200
+
 # Channel ID is the first column in the csv export we can't use the header
 # name, because the header name is localized depending on the
 # language the user has set on their account |
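Review bot: The new `break if row_counter > 1_200` caps how many rows are processed, but not how large the input is. `csv_content` arrives as a complete `String`, so an oversized upload is already in memory before the loop runs, and a single very long row is not limited at all. If the caller does not already bound the request body (that code is outside this hunk), a byte-size check is still needed where the upload is read, or at least a guard at the top of this function such as `return subscriptions if csv_content.bytesize > max_bytes`, where `max_bytes` is a placeholder for a project-chosen limit. Rows past the cap are also dropped silently, so a user with a legitimately long export gets a partial import with no indication; logging or reporting the truncation would make that visible. The `# Limit to 1200` comment only restates the literal, and would be more useful as `# Stop after 1200 rows; anything beyond that is ignored`. The body of `parse_subscription_export_csv` continues past the end of the hunk.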
