A diff was already truncated after 200 lines. But it could still be
arbitrarily enormous, if a spammer or other random noise source likes long
lines. That could use a lot of memory to html encode etc the diff and fill
it into the template. Truncating after 100kb seems sufficient; it allows
for 200 lines of up to 512 characters each.
my @lines=IkiWiki::rcs_diff($params{rev}, $maxlines+1);
if (@lines) {
my $diff;
+ my $trunc=0;
if (@lines > $maxlines) {
- $diff=join("", @lines[0..($maxlines-1)])."\n".
- gettext("(Diff truncated)");
+ $diff=join("", @lines[0..($maxlines-1)]);
+ $trunc=1;
}
else {
$diff=join("", @lines);
}
+ if (length $diff > 102400) {
+ $diff=substr($diff, 0, 10240);
+ $trunc=1;
+ }
+ if ($trunc) {
+ $diff.="\n".gettext("(Diff truncated)");
+ }
# escape html
$diff = encode_entities($diff);
# escape links and preprocessor stuff
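Review bot: the size check added after the else branch compares against 102400 but then keeps only 10240 characters (`$diff=substr($diff, 0, 10240);`), so any diff over 100 KB is cut to 10 KB rather than to the 100 KB the commit message describes. Use the same value in both places, preferably held in one variable next to `$maxlines`, so the threshold and the cut cannot drift apart. Note also that the cap is applied only after `rcs_diff` has returned the lines and `join` has built the full string, so it limits the cost of `encode_entities` and the template fill but not the memory used to hold `@lines`. If that matters, the length limit would need to be enforced where the lines are read.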