mia
/
0x0
3
8
Fork 3
Code Issues 11 Pull Requests 2 Projects Releases Wiki Activity

Incorrect file size check leads to confusing error message on status code 413 page #85

New Issue
Closed
opened 2023-06-04 01:52:22 +02:00 by Ghost · 1 comment
Ghost commented 2023-06-04 01:52:22 +02:00
Copy Link

Error page shows a quite confusing and wrong text like: 512.0 MiB > 512.0 MiB in case the uploaded file's size is equal to the file size limit.

Upload file size check on the backend assures the file size is less than MAX_CONTENT_LENGTH, but on the 413 page text clearly states that content-length is greater than MAX_CONTENT_LENGTH which is not true in case if content-length is equal to MAX_CONTENT_LENGTH. Also this prevents uploading files that are equal to the file size limit, which is wrong in my opinion.

File size check:

if l < app.config["MAX_CONTENT_LENGTH"]:
    def urlfile(**kwargs):
        return type('',(),kwargs)()

    f = urlfile(read=r.raw.read, content_type=r.headers["content-type"], filename="")

    return store_file(f, None, addr, ua, secret)
else:
    abort(413)

Status code 413 template:

Remote file too large ({{ request.headers["content-length"]|filesizeformat(True) }} > {{ config["MAX_CONTENT_LENGTH"]|filesizeformat(True) }}).

I think the best way to resolve this issue would be to change the check to use <= operator instead of <.

Error page shows a quite confusing and wrong text like: `512.0 MiB > 512.0 MiB` in case the uploaded file's size is equal to the file size limit. Upload file size check on the backend assures the file size is less than `MAX_CONTENT_LENGTH`, but on the 413 page text clearly states that `content-length` is greater than `MAX_CONTENT_LENGTH` which is not true in case if `content-length` is equal to `MAX_CONTENT_LENGTH`. Also this prevents uploading files that are equal to the file size limit, which is wrong in my opinion. File size check: ``` if l < app.config["MAX_CONTENT_LENGTH"]: def urlfile(**kwargs): return type('',(),kwargs)() f = urlfile(read=r.raw.read, content_type=r.headers["content-type"], filename="") return store_file(f, None, addr, ua, secret) else: abort(413) ``` Status code 413 template: ``` Remote file too large ({{ request.headers["content-length"]|filesizeformat(True) }} > {{ config["MAX_CONTENT_LENGTH"]|filesizeformat(True) }}). ``` I think the best way to resolve this issue would be to change the check to use `<=` operator instead of `<`.
Ghost changed title from Incorrect file size check leads to confusing error on status code 413 page to Incorrect file size check leads to confusing error message on status code 413 page 2023-06-04 01:53:00 +02:00
mia commented 2023-06-04 06:33:46 +02:00
Owner
Copy Link

Oops, you’re right 😅

Oops, you’re right 😅
mia closed this issue 2023-06-04 06:37:31 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
question

   
wontfix
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: mia/0x0#85
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?