Diffstat (limited to 'web/html/pkgsubmit.php')
-rw-r--r-- | web/html/pkgsubmit.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index df7c4671..17e1967a 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -26,6 +26,18 @@ if ($_COOKIE["AURSID"]):
 $error = __("Error - No file uploaded");
 }
+ # Check uncompressed file size (ZIP bomb protection)
+ if (!$error && $MAX_FILESIZE_UNCOMPRESSED) {
+ $fh = fopen($_FILES['pfile']['tmp_name'], 'rb');
+ fseek($fh, -4, SEEK_END);
+ $filesize_uncompressed = end(unpack('V', fread($fh, 4)));
+ fclose($fh);
+
+ if ($filesize_uncompressed > $MAX_FILESIZE_UNCOMPRESSED) {
+ $error = __("Error - uncompressed file size too large.");
+ }
+ }
+
 $uid = uid_from_sid($_COOKIE['AURSID']);
 if (!$error) { |
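Review bot: The number compared against `$MAX_FILESIZE_UNCOMPRESSED` in the added block is read from the last four bytes of the upload, so it is a size the uploader declares rather than one this code measures, and the check is a pre-filter, not a bound on what extraction will write. If the upload is gzip (the little-endian 32-bit trailer suggests so), that field is the length modulo 2^32 and describes only the final member of a multi-member stream, so the extraction step, which lies outside this hunk, should enforce its own limit on bytes written. Inside the hunk the results of fopen(), fseek() and fread() are unchecked, so an unreadable temp file or one shorter than four bytes can leave `$filesize_uncompressed` non-numeric and let the comparison pass. In addition, `end(unpack(...))` passes a temporary by reference, and on a 32-bit build `'V'` can unpack to a negative integer. The fence below fails closed in those cases and reuses the existing message.

```php
	if (!$error && $MAX_FILESIZE_UNCOMPRESSED) {
		$trailer = false;
		$fh = fopen($_FILES['pfile']['tmp_name'], 'rb');
		if ($fh !== false) {
			if (fseek($fh, -4, SEEK_END) === 0) {
				$trailer = fread($fh, 4);
			}
			fclose($fh);
		}

		if ($trailer === false || strlen($trailer) !== 4) {
			# Fail closed: without a readable size trailer the check cannot pass.
			$error = __("Error - uncompressed file size too large.");
		} else {
			$fields = unpack('V', $trailer);
			$filesize_uncompressed = $fields[1];
			# A negative value means a declared size >= 2^31 on a 32-bit build.
			if ($filesize_uncompressed < 0 || $filesize_uncompressed > $MAX_FILESIZE_UNCOMPRESSED) {
				$error = __("Error - uncompressed file size too large.");
			}
		}
	}
```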