incorporate defusedxml for XML parsing; limit size of XML-RPC requests handled

author: Richard Jones <richard@mechanicalcat.net> 2013-02-20 11:55:22 +1100
committer: Richard Jones <richard@mechanicalcat.net> 2013-02-20 11:55:22 +1100
commit: 249322d3987cd056f9936ae72dd8b02c30029ee6 (patch)
tree: 9ee735bb15a3bb5f7ccd997f70025c6188206721 /rpc.py
parent: 41b5849ec804feaa266d8809bb4077b8b8290a44 (diff)
download: decorator-249322d3987cd056f9936ae72dd8b02c30029ee6.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/rpc.py b/rpc.py
index 9927583..4d8346f 100644
--- a/rpc.py
+++ b/rpc.py
@@ -42,6 +42,7 @@ class RequestHandler(SimpleXMLRPCDispatcher):
         webui_obj.handler.end_headers()
         try:
             length = int(webui_obj.env['CONTENT_LENGTH'])
+            assert length < 10*1024*1024, 'request content way too big'
             data = webui_obj.handler.rfile.read(length)
             # This should be thread-safe, as the store is really a singleton
             self.store = webui_obj.store
author	Richard Jones <richard@mechanicalcat.net>	2013-02-20 11:55:22 +1100
committer	Richard Jones <richard@mechanicalcat.net>	2013-02-20 11:55:22 +1100
commit	249322d3987cd056f9936ae72dd8b02c30029ee6 (patch)
tree	9ee735bb15a3bb5f7ccd997f70025c6188206721 /rpc.py
parent	41b5849ec804feaa266d8809bb4077b8b8290a44 (diff)
download	decorator-249322d3987cd056f9936ae72dd8b02c30029ee6.tar.gz