Closed Bug 793303 Opened 12 years ago Closed 12 years ago

Implement content constraints on uploads

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: ygjb, Assigned: rtucker)

References

Details

Yvan Boily [:ygjb][:yvan]

Reporter

Description

•

12 years ago

Issue
The site accepts file uploads without any constraints.  At a minimum, the size of the upload should be constrained to a reasonable size.

Recommendation
Implement a subset of the recommendations in the secure coding guidelines for file uploads.

Rob Tucker [:rtucker]

Assignee

Comment 1

•

12 years ago

Will implement a size of 10MB. Is that ok?

Assignee: nobody → rtucker

Rob Tucker [:rtucker]

Assignee

Comment 2

•

12 years ago

I'm now raising a ValidationError if the user tries to upload a file larger than 10MB. Per conversation on IRC this is reasonable. File at commit is visible here:
https://github.com/rtucker-mozilla/disk_key_encrypter/blob/d185dbae44bc0bc417b1ba31d00a57d2d1e619df/apps/site/forms.py#L15

Rob Tucker [:rtucker]

Assignee

Comment 3

•

12 years ago

This is completed as evident in the commit.

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

9 years ago

Product: mozilla.org → mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Implement content constraints on uploads

Categories

(mozilla.org Graveyard :: Server Operations: Projects, task)

Tracking

(Not tracked)

People

(Reporter: ygjb, Assigned: rtucker)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Updated