github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Add limits for themes and theme assets

Browse Source 
This commit adds limits to themes and theme components on the:

- file size of about.json and .discourse-compatibility
- file size of theme assets
- number of files in a theme
This commit is contained in:
Bianca Nenciu
2023-08-22 21:30:33 +03:00
committed by Roman Rizzi
parent 290306a932
commit 6f782d8e45
8 changed files with 187 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/discourse.rb
View File

@ -8,6 +8,7 @@ require "version"
module Discourse
DB_POST_MIGRATE_PATH ||= "db/post_migrate"
REQUESTED_HOSTNAME ||= "REQUESTED_HOSTNAME"
MAX_METADATA_FILE_SIZE = 64.kilobytes
class Utils
URI_REGEXP ||= URI.regexp(%w[http https])