From: Joey Hess Date: Mon, 23 Jan 2012 22:36:33 +0000 (-0400) Subject: recentchangesdiff: truncate extremely large diffs X-Git-Tag: 3.20120202~52 X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/bfda13f16c3a055b30d7e5448dd6640a12898adc?hp=0376a8da8ac42a4c7da4acfd588767ff8e062364 recentchangesdiff: truncate extremely large diffs A diff was already truncated after 200 lines. But it could still be arbitrarily enormous, if a spammer or other random noise source likes long lines. That could use a lot of memory to html encode etc the diff and fill it into the template. Truncating after 100kb seems sufficient; it allows for 200 lines of up to 512 characters each.
---
diff --git a/IkiWiki/Plugin/recentchangesdiff.pm b/IkiWiki/Plugin/recentchangesdiff.pm
index 71297572d..418822793 100644
--- a/IkiWiki/Plugin/recentchangesdiff.pm
+++ b/IkiWiki/Plugin/recentchangesdiff.pm
@@ -31,13 +31,21 @@ sub pagetemplate (@) {
 my @lines=IkiWiki::rcs_diff($params{rev}, $maxlines+1);
 if (@lines) {
 my $diff;
+ my $trunc=0;
 if (@lines > $maxlines) {
- $diff=join("", @lines[0..($maxlines-1)])."\n".
- gettext("(Diff truncated)");
+ $diff=join("", @lines[0..($maxlines-1)]);
+ $trunc=1;
 }
 else {
 $diff=join("", @lines);
 }
+ if (length $diff > 102400) {
+ $diff=substr($diff, 0, 10240);
+ $trunc=1;
+ }
+ if ($trunc) {
+ $diff.="\n".gettext("(Diff truncated)");
+ }
 # escape html
 $diff = encode_entities($diff);
 # escape links and preprocessor stuff
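Review bot: The new size cap tests `length $diff > 102400` but then cuts with `substr($diff, 0, 10240)`, so a diff just over 100 KB is reduced to 10 KB instead of the 100 KB the commit message describes (200 lines of 512 characters). The cut should use the same value as the test, `$diff=substr($diff, 0, 102400);`, ideally through one named limit declared next to `$maxlines` so the two numbers cannot drift apart. The cap is applied only after `join`, so the lines returned by `IkiWiki::rcs_diff` and the joined string are already in memory; it bounds the cost of `encode_entities` and template filling, not of reading the diff, and whether `rcs_diff` limits line length is not visible here. `pagetemplate` begins and ends outside this hunk.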