[CalendarServer-changes] [3460] CalendarServer/trunk/twistedcaldav/method/put_common.py
source_changes at macosforge.org
source_changes at macosforge.org
Thu Dec 4 14:01:10 PST 2008
Revision: 3460
http://trac.macosforge.org/projects/calendarserver/changeset/3460
Author: cdaboo at apple.com
Date: 2008-12-04 14:01:10 -0800 (Thu, 04 Dec 2008)
Log Message:
-----------
Do size check before doing any calendar data parsing.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/method/put_common.py
Modified: CalendarServer/trunk/twistedcaldav/method/put_common.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/method/put_common.py 2008-12-04 21:56:53 UTC (rev 3459)
+++ CalendarServer/trunk/twistedcaldav/method/put_common.py 2008-12-04 22:01:10 UTC (rev 3460)
@@ -287,6 +287,20 @@
log.err(message)
raise HTTPError(StatusResponse(responsecode.FORBIDDEN, "Resource name not allowed"))
+ # Valid data sizes - do before parsing the data
+ if self.source is not None:
+ # Valid content length check on the source resource
+ result, message = self.validContentLength()
+ if not result:
+ log.err(message)
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
+ else:
+ # Valid calendar data size check
+ result, message = self.validSizeCheck()
+ if not result:
+ log.err(message)
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
+
if not self.sourcecal:
# Valid content type check on the source resource if its not in a calendar collection
if self.source is not None:
@@ -332,12 +346,6 @@
# would be better to copy the index entries from the source and add to the destination.
self.calendar = self.source.iCalendar()
- # Valid calendar data size check
- result, message = self.validSizeCheck()
- if not result:
- log.err(message)
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
-
# Check access
if self.destinationcal and config.EnablePrivateEvents:
result = (yield self.validAccess())
@@ -431,6 +439,20 @@
return result, message
+ def validContentLength(self):
+ """
+ Make sure that the length of the source data is within bounds.
+ """
+ result = True
+ message = ""
+ if config.MaximumAttachmentSize:
+ calsize = self.source.contentLength()
+ if calsize is not None and calsize > config.MaximumAttachmentSize:
+ result = False
+ message = "File size %d bytes is larger than allowed limit %d bytes" % (calsize, config.MaximumAttachmentSize)
+
+ return result, message
+
def validCalendarDataCheck(self):
"""
Check that the calendar data is valid iCalendar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081204/3223a745/attachment.html>
More information about the calendarserver-changes
mailing list