3 changes: 3 additions & 0 deletions lib/controllers/page_controller.rb
@@ -2,6 +2,8 @@

class PageController < BaseController

MAX_UPLOAD_SIZE = 25 * 1024 * 1024

helpers do
def slug
Slug.slugify(params[:slug]) if params[:slug]
@@ -238,6 +240,7 @@ def cache_for_audience

file = params[:file]
halt 400, "No file provided" unless file && file[:tempfile]
halt 413, "File too large" if file[:tempfile].size > MAX_UPLOAD_SIZE

upload = Upload.new(
page: page,
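Review bot: The check on `file[:tempfile].size` runs only after the multipart body has been received and spooled to a tempfile, so it caps what is stored as an Upload but not what the server reads or writes to temporary storage for an oversized request. For the 25 MiB figure to bound resource use, a request-body limit at the front-end server (or an early Content-Length check before `params` is read) is still needed; whether one exists is not visible from this page. I would record that on the constant, e.g. `# Cap on a stored upload, in bytes (25 MiB). Checked after Rack has spooled the body to a tempfile; the front-end body limit must be set separately.` The route body containing the check starts and ends outside the hunk.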
25 changes: 25 additions & 0 deletions test/integration/app_page_uploads_test.rb
@@ -129,6 +129,31 @@ def test_delete_upload
assert_nil Upload[upload.id]
end

def test_upload_rejects_files_over_the_size_limit
with_max_upload_size(10) do
oversized = Rack::Test::UploadedFile.new(
StringIO.new("x" * 11),
"text/plain",
original_filename: "big.txt"
)

post "/#{CGI.escape(@page.slug)}/uploads", file: oversized
end

assert_equal 413, last_response.status
assert Upload.where(page_id: @page.id).empty?
end

def with_max_upload_size(bytes)
original = PageController::MAX_UPLOAD_SIZE
PageController.send(:remove_const, :MAX_UPLOAD_SIZE)
PageController.const_set(:MAX_UPLOAD_SIZE, bytes)
yield
ensure
PageController.send(:remove_const, :MAX_UPLOAD_SIZE)
PageController.const_set(:MAX_UPLOAD_SIZE, original)
end

def test_upload_requires_login
env "rack.session", {}

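Review bot: The new test only exercises 11 bytes against a limit of 10, so nothing pins the boundary: a later change of `>` to `>=` in the controller check would still pass. A companion test that uploads exactly 10 bytes and asserts the response is not 413 would close that gap; the success status is not visible here, so the sketch below asserts only the negative. Separately, `with_max_upload_size` swaps a class constant process-wide, which is unsafe if the suite ever runs tests in parallel threads, and a comment on the helper saying so would help.

```ruby
def test_upload_accepts_file_at_exactly_the_size_limit
  with_max_upload_size(10) do
    at_limit = Rack::Test::UploadedFile.new(
      StringIO.new("x" * 10),
      "text/plain",
      original_filename: "limit.txt"
    )

    post "/#{CGI.escape(@page.slug)}/uploads", file: at_limit
  end

  assert last_response.status != 413
end
```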