Implement content constraints on uploads

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations: Projects
RESOLVED FIXED
6 years ago
3 years ago

People

(Reporter: ygjb, Assigned: rtucker)

Tracking

Details

(Reporter)

Description

6 years ago
Issue
The site accepts file uploads without any constraints.  At a minimum, the size of the upload should be constrained to a reasonable size.

Recommendation
Implement a subset of the recommendations in the secure coding guidelines for file uploads.
(Assignee)

Comment 1

6 years ago
Will implement a size of 10MB. Is that ok?
Assignee: nobody → rtucker
(Assignee)

Comment 2

6 years ago
I'm now raising a ValidationError if the user tries to upload a file larger than 10MB. Per conversation on IRC this is reasonable. File at commit is visible here:
https://github.com/rtucker-mozilla/disk_key_encrypter/blob/d185dbae44bc0bc417b1ba31d00a57d2d1e619df/apps/site/forms.py#L15
(Assignee)

Comment 3

6 years ago
This is completed as evident in the commit.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.