diff options
| author | Joey Hess <joey@kitenet.net> | 2012-01-23 18:36:33 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2012-01-23 18:39:53 -0400 |
| commit | bfda13f16c3a055b30d7e5448dd6640a12898adc (patch) | |
| tree | 2df344174e45fe760108cdaef52c1663e36a8a58 | |
| parent | 0376a8da8ac42a4c7da4acfd588767ff8e062364 (diff) | |
| download | ikiwiki-bfda13f16c3a055b30d7e5448dd6640a12898adc.tar ikiwiki-bfda13f16c3a055b30d7e5448dd6640a12898adc.tar.gz | |
recentchangesdiff: truncate extremely large diffs
A diff was already truncated after 200 lines. But it could still be
arbitrarily enormous, if a spammer or other random noise source likes long
lines. That could use a lot of memory to html encode etc the diff and fill
it into the template. Truncating after 100kb seems sufficient; it allows
for 200 lines of up to 512 characters each.
| -rw-r--r-- | IkiWiki/Plugin/recentchangesdiff.pm | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/IkiWiki/Plugin/recentchangesdiff.pm b/IkiWiki/Plugin/recentchangesdiff.pm index 71297572d..418822793 100644 --- a/IkiWiki/Plugin/recentchangesdiff.pm +++ b/IkiWiki/Plugin/recentchangesdiff.pm @@ -31,13 +31,21 @@ sub pagetemplate (@) { my @lines=IkiWiki::rcs_diff($params{rev}, $maxlines+1); if (@lines) { my $diff; + my $trunc=0; if (@lines > $maxlines) { - $diff=join("", @lines[0..($maxlines-1)])."\n". - gettext("(Diff truncated)"); + $diff=join("", @lines[0..($maxlines-1)]); + $trunc=1; } else { $diff=join("", @lines); } + if (length $diff > 102400) { + $diff=substr($diff, 0, 10240); + $trunc=1; + } + if ($trunc) { + $diff.="\n".gettext("(Diff truncated)"); + } # escape html $diff = encode_entities($diff); # escape links and preprocessor stuff |