From ee0dd69f4c8a6bdfd591a23b2febc00b50497e46 Mon Sep 17 00:00:00 2001
From: welefen
Date: Fri, 11 Jul 2014 09:58:21 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=A1=A8=E5=8D=95=E5=80=BC?= =?UTF-8?q?=E9=99=90=E5=88=B6=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/Conf/config.js | 4 ++--
 lib/Lib/Core/Http.js | 22 ++++++++++++++++------
 2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/lib/Conf/config.js b/lib/Conf/config.js
index 465f35de..e8b0a3ec 100644
--- a/lib/Conf/config.js
+++ b/lib/Conf/config.js
@@ -16,8 +16,8 @@ module.exports = {
 post_json_content_type: ['application/json'], //post数据为json时的content-type
 post_max_file_size: 1024 * 1024 * 1024, //上传文件大小限制,默认1G
- post_max_fields: 1000, //最大表单数
- post_max_fields_size: 2 * 1024, //单个表单最大值
+ post_max_fields: 100, //最大表单数,默认为100
+ post_max_fields_size: 2 * 1024 * 1024, //单个表单长度最大值,默认为2MB
 app_group_list: ['Home', 'Admin', 'Restful'], //分组列表
 default_group: 'Home', //默认分组
diff --git a/lib/Lib/Core/Http.js b/lib/Lib/Core/Http.js
index 4b025d57..ee2f9817 100644
--- a/lib/Lib/Core/Http.js
+++ b/lib/Lib/Core/Http.js
@@ -89,18 +89,28 @@ module.exports = Class(function(){
 length += chunk.length;
 });
 this.req.on('end', function(){
- //如果长度超过限制,直接拒绝
- if (length > C('post_max_fields_size')) {
- self.res.statusCode = 413;
- self.res.end();
- return;
- }
 self.http.payload = Buffer.concat(buffers).toString();
 tag('form_parse', self.http).then(function(){
 //默认使用querystring.parse解析
 if (isEmpty(self.http.post) && self.http.payload) {
 self.http.post = querystring.parse(self.http.payload) || {}
 }
+ var post = self.http.post;
+ var length = Object.keys(post);
+ //最大表单数超过限制
+ if (length > C('post_max_fields')) {
+ self.res.statusCode = 413;
+ self.res.end();
+ return;
+ }
+ for(var name in post){
+ //单个表单值长度超过限制
+ if (post[name].length > C('post_max_fields_size')) {
+ self.res.statusCode = 413;
+ self.res.end();
+ return;
+ }
+ }
 deferred.resolve(self.http);
 })
 });
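Review bot: The field-count check added in the `end` handler never fires for ordinary forms, because `var length = Object.keys(post);` holds an array and `length > C('post_max_fields')` then compares an array with a number; it needs `Object.keys(post).length`, and a name other than `length` so it stops shadowing the byte counter used by the `data` handler (which starts outside this hunk). Removing the old check also leaves no bound on the whole body, so every chunk is buffered and `Buffer.concat(buffers)` runs on a request of any size before a limit is applied; a cap enforced as chunks arrive, or at least before the concat, would keep memory use bounded. `post[name].length` is an element count when `querystring.parse` returns an array for a repeated name, so a long value sent twice passes the per-field check, and a non-string value set by `form_parse` (not visible here) may have no `length` at all. The rejected paths return without settling `deferred`, which looks deliberate once the response is ended but is worth a comment. The fence sketches the `end`-handler checks with those points applied.

```javascript
this.req.on('end', function(){
  // Policy cap on the whole body, derived here from the two settings; a dedicated
  // setting may fit better, since encoded bodies can be larger than their values.
  if (length > C('post_max_fields') * C('post_max_fields_size')) {
    self.res.statusCode = 413;
    self.res.end();
    return;
  }
  // … unchanged: payload concat, form_parse tag, querystring.parse fallback …
    var post = self.http.post;
    var names = Object.keys(post);
    var maxSize = C('post_max_fields_size');
    if (names.length > C('post_max_fields')) {
      // … unchanged: 413 response and return …
    }
    for (var i = 0; i < names.length; i++) {
      // A repeated name parses to an array: check each value, not the element count.
      var values = [].concat(post[names[i]]);
      for (var j = 0; j < values.length; j++) {
        if (String(values[j]).length > maxSize) {
          // … unchanged: 413 response and return …
        }
      }
    }
```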