diff --git a/grasshopper/lib/grasshopper.js b/grasshopper/lib/grasshopper.js index eff399d..46fa62f 100644 --- a/grasshopper/lib/grasshopper.js +++ b/grasshopper/lib/grasshopper.js @@ -34,6 +34,8 @@ var routes = {}, servers = [], filters = []; +var maxFormSize = 1048576; + exports.addToContext = function() { for(var i = 0; i < arguments.length; i++) { for(var key in arguments[i]) { @@ -54,6 +56,9 @@ exports.addFilters = function(regex) { exports.addHelpers = ghp.addHelpers; exports.configure = function(config) { + if(config.maxFormSize) + maxFormSize = config.maxFormSize; + renderer.configure(config); multipart.configure(config); session.configure(config); @@ -166,6 +171,10 @@ function dispatch(req, res, routeMatcher) { if(action) { if((req.method == 'POST' || req.method == 'PUT')) { if(req.headers['content-type'] && req.headers['content-type'].match(/^application\/x-www-form-urlencoded/)) { + if(Number(req.headers['content-length']) > maxFormSize) { + new renderer.RequestContext(req, res, {}).renderError(413); + return; + } req.setEncoding('utf8'); var dataString = ''; req.on('data', function(data) { diff --git a/grasshopper/lib/multipart.js b/grasshopper/lib/multipart.js index b0edc82..551d70f 100644 --- a/grasshopper/lib/multipart.js +++ b/grasshopper/lib/multipart.js @@ -18,12 +18,12 @@ var fs = require('fs'), uuid = require('./uuid'), formidable = require('formidable'); -var maxPostSize = undefined, +var maxUploadSize = undefined, uploadsDir = '/tmp'; exports.configure = function(config) { - if(config.maxPostSize) - maxPostSize = config.maxPostSize; + if(config.maxUploadSize) + maxUploadSize = config.maxUploadSize; if(config.uploadsDir) uploadsDir = config.uploadsDir; }; @@ -31,7 +31,7 @@ exports.configure = function(config) { exports.parse = function(context, callback) { context.params = {}; var req = context.request; - if(new Number(req.headers['content-length']) > maxPostSize) { + if(Number(req.headers['content-length']) > maxUploadSize) { context.renderError(413); return; }