修复表单值限制的bug

2026-01-25 14:42:47 +00:00 · 2014-07-11 09:58:21 +08:00 · 2014-07-11 09:58:21 +08:00 · ee0dd69f4c
commit ee0dd69f4c
parent 8f9bb5bed2
2 changed files with 18 additions and 8 deletions
--- a/lib/Conf/config.js
+++ b/lib/Conf/config.js
@ -16,8 +16,8 @@ module.exports = {

  post_json_content_type: ['application/json'], //post数据为json时的content-type
  post_max_file_size: 1024 * 1024 * 1024, //上传文件大小限制，默认1G
-  post_max_fields: 1000, //最大表单数
-  post_max_fields_size: 2 * 1024, //单个表单最大值
+  post_max_fields: 100, //最大表单数，默认为100
+  post_max_fields_size: 2 * 1024 * 1024, //单个表单长度最大值，默认为2MB
  
  app_group_list: ['Home', 'Admin', 'Restful'], //分组列表
  default_group: 'Home', //默认分组
--- a/lib/Lib/Core/Http.js
+++ b/lib/Lib/Core/Http.js
@ -89,18 +89,28 @@ module.exports = Class(function(){
        length += chunk.length;
      });
      this.req.on('end', function(){
-        //如果长度超过限制，直接拒绝
-        if (length > C('post_max_fields_size')) {
-          self.res.statusCode = 413;
-          self.res.end();
-          return;
-        }
        self.http.payload = Buffer.concat(buffers).toString();
        tag('form_parse', self.http).then(function(){
          //默认使用querystring.parse解析
          if (isEmpty(self.http.post) && self.http.payload) {
            self.http.post = querystring.parse(self.http.payload) || {}
          }
+          var post = self.http.post;
+          var length = Object.keys(post);
+          //最大表单数超过限制
+          if (length > C('post_max_fields')) {
+            self.res.statusCode = 413;
+            self.res.end();
+            return;
+          }
+          for(var name in post){
+            //单个表单值长度超过限制
+            if (post[name].length > C('post_max_fields_size')) {
+              self.res.statusCode = 413;
+              self.res.end();
+              return;
+            }
+          }
          deferred.resolve(self.http);
        })
      });