From ef451d93ac506e5dd271d27ae5986e60e08c3808 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Tue, 16 Sep 2014 18:10:01 +0200 Subject: [PATCH] Added protection against too big uploads --- data/config.ini | 1 + src/Services/PostService.php | 3 +++ tests/Services/PostServiceTest.php | 14 ++++++++++++++ 3 files changed, 18 insertions(+) diff --git a/data/config.ini b/data/config.ini index 827f5c52..a4472801 100644 --- a/data/config.ini +++ b/data/config.ini @@ -12,6 +12,7 @@ activationBodyPath = mail/activation.txt [database] dsn = sqlite:db.sqlite +maxPostSize = 10485760 ;10mb [security] secret = change diff --git a/src/Services/PostService.php b/src/Services/PostService.php index 67d88350..eb1211e4 100644 --- a/src/Services/PostService.php +++ b/src/Services/PostService.php @@ -77,6 +77,9 @@ class PostService if (!$content) throw new \DomainException('File cannot be empty.'); + if (strlen($content) > $this->config->database->maxPostSize) + throw new \DomainException('Upload is too big.'); + $mime = \Szurubooru\Helpers\MimeHelper::getMimeTypeFromBuffer($content); if (\Szurubooru\Helpers\MimeHelper::isFlash($mime)) diff --git a/tests/Services/PostServiceTest.php b/tests/Services/PostServiceTest.php index c5605339..713a05dd 100644 --- a/tests/Services/PostServiceTest.php +++ b/tests/Services/PostServiceTest.php @@ -20,6 +20,7 @@ class PostServiceTest extends \Szurubooru\Tests\AbstractTestCase $this->authServiceMock = $this->mock(\Szurubooru\Services\AuthService::class); $this->timeServiceMock = $this->mock(\Szurubooru\Services\TimeService::class); $this->fileServiceMock = $this->mock(\Szurubooru\Services\FileService::class); + $this->configMock->set('database/maxPostSize', 1000000); } 
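Review bot: `maxPostSize` is added under `[database]`, next to the DSN, although it caps upload size rather than configuring the database; that makes the setting hard to find and leaves PostService reading a non-database value from `config->database`. A section dedicated to uploads or posts would read better if the key can still be moved. The trailing `;10mb` is only safe if the INI loader strips inline comments, so it is worth confirming the value arrives as a plain number. I would also add a comment line above the key, e.g. `; application-level cap in bytes; keep PHP's post_max_size / upload_max_filesize and the web server body limit in line with it`, because those settings decide how much data the server accepts before this check runs.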
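Review bot: The added check in `src/Services/PostService.php` compares `strlen($content)` once the whole upload is already in memory, so it limits what gets stored but does not by itself bound memory or bandwidth per request. That still depends on PHP's `post_max_size` / `upload_max_filesize` and the web server's body limit, which deserves a short comment above the check. The limit is also read uncast from config, so a missing or non-numeric `maxPostSize` falls back to PHP's loose comparison rules; I would write `if (strlen($content) > (int) $this->config->database->maxPostSize)` or validate the setting when the config is loaded. The enclosing method starts and ends outside the hunk, so how `$content` is obtained is not visible here.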
@@ -143,6 +144,19 @@ class PostServiceTest extends \Szurubooru\Tests\AbstractTestCase $this->postService->createPost($formData); } + public function testTooBigUpload() + { + $formData = new \Szurubooru\FormData\UploadFormData; + $formData->safety = \Szurubooru\Entities\Post::POST_SAFETY_SAFE; + $formData->tags = ['test']; + $formData->content = 'aa'; + + $this->configMock->set('database/maxPostSize', 1); + $this->setExpectedException(\Exception::class, 'Upload is too big'); + + $this->postService = $this->getPostService(); + $this->postService->createPost($formData); + } public function testAnonymousUploads() {
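Review bot: `testTooBigUpload` expects `\Exception::class`, so it would also pass if a different exception type carrying the same message text were thrown. Since the service throws `\DomainException`, I would tighten it to `$this->setExpectedException(\DomainException::class, 'Upload is too big');`. The test covers only the over-limit case (2 bytes against a limit of 1); a companion case with content exactly at the limit would pin the `>` boundary and catch an off-by-one in a later refactor.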