Fix potential DoS vulnerability in ImageProxy

WoltLab · Sep 29, 2016 · d08d11c · d08d11c
1 parent 9e8aa97
commit d08d11c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
@@ -61,7 +61,9 @@ public function execute() {
 				try {
 					// download image
 					try {
-						$request = new HTTPRequest($url);
+						$request = new HTTPRequest($url, [
+							'maxLength' => 10 * (1 << 20) // download at most 10 MiB
+						]);
 						$request->execute();
 					}
 					catch (SystemException $e) {