From bfda13f16c3a055b30d7e5448dd6640a12898adc Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Mon, 23 Jan 2012 18:36:33 -0400
Subject: [PATCH] recentchangesdiff: truncate extremely large diffs

A diff was already truncated after 200 lines. But it could still be arbitrarily enormous, if a spammer or other random noise source likes long lines. That could use a lot of memory to html encode etc the diff and fill it into the template. Truncating after 100kb seems sufficient; it allows for 200 lines of up to 512 characters each.
---
 IkiWiki/Plugin/recentchangesdiff.pm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/IkiWiki/Plugin/recentchangesdiff.pm b/IkiWiki/Plugin/recentchangesdiff.pm
index 71297572d..418822793 100644
--- a/IkiWiki/Plugin/recentchangesdiff.pm
+++ b/IkiWiki/Plugin/recentchangesdiff.pm
@@ -31,13 +31,21 @@ sub pagetemplate (@) {
 my @lines=IkiWiki::rcs_diff($params{rev}, $maxlines+1);
 if (@lines) {
 my $diff;
+ my $trunc=0;
 if (@lines > $maxlines) {
- $diff=join("", @lines[0..($maxlines-1)])."\n".
- gettext("(Diff truncated)");
+ $diff=join("", @lines[0..($maxlines-1)]);
+ $trunc=1;
 }
 else {
 $diff=join("", @lines);
 }
+ if (length $diff > 102400) {
+ $diff=substr($diff, 0, 10240);
+ $trunc=1;
+ }
+ if ($trunc) {
+ $diff.="\n".gettext("(Diff truncated)");
+ }
 # escape html
 $diff = encode_entities($diff);
 # escape links and preprocessor stuff
--
2.39.5
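Review bot: The new size cap tests `length $diff > 102400` but then cuts with `substr($diff, 0, 10240)`, so any diff just over the 100 KB threshold is reduced to 10 KB rather than the 100 KB the commit message describes. The two literals should be one value, for example `my $maxsize=102400;` declared next to wherever `$maxlines` is set (outside this hunk), then `if (length $diff > $maxsize) {` and `$diff=substr($diff, 0, $maxsize);`. The cap is also applied only after `join` has built the full string, so it bounds the work done by `encode_entities` and the template fill but not the memory already held in `@lines`; a short comment saying so would keep the limit from being read as a complete guard against oversized input. The body of `pagetemplate` starts and ends outside the hunk.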