diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/middleware/context.go | 10 | ||||
| -rw-r--r-- | modules/setting/setting.go | 4 |
2 files changed, 12 insertions, 2 deletions
diff --git a/modules/middleware/context.go b/modules/middleware/context.go index c641449a87..6b47e94fb0 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -323,7 +323,6 @@ func (f *Flash) Success(msg string) { // InitContext initializes a classic context for a request. func InitContext() martini.Handler { return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) { - ctx := &Context{ c: c, // p: p, @@ -332,7 +331,6 @@ func InitContext() martini.Handler { Cache: setting.Cache, Render: rd, } - ctx.Data["PageStartTime"] = time.Now() // start session @@ -374,6 +372,14 @@ func InitContext() martini.Handler { ctx.Data["IsAdmin"] = ctx.User.IsAdmin } + // If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid. + if strings.Contains(r.Header.Get("Content-Type"), "multipart/form-data") { + if err = ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil { // 32MB max size + ctx.Handle(500, "issue.Comment(ctx.Req.ParseMultipartForm)", err) + return + } + } + // get or create csrf token ctx.Data["CsrfToken"] = ctx.CsrfToken() ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`) diff --git a/modules/setting/setting.go b/modules/setting/setting.go index ba9e86dc8f..349ef11595 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -74,6 +74,8 @@ var ( // Attachment settings. AttachmentPath string AttachmentAllowedTypes string + AttachmentMaxSize int64 + AttachmentMaxFiles int // Cache settings. Cache cache.Cache @@ -172,6 +174,8 @@ func NewConfigContext() { AttachmentPath = Cfg.MustValue("attachment", "PATH", "files/attachments") AttachmentAllowedTypes = Cfg.MustValue("attachment", "ALLOWED_TYPES", "*/*") + AttachmentMaxSize = Cfg.MustInt64("attachment", "MAX_SIZE", 32) + AttachmentMaxFiles = Cfg.MustInt("attachment", "MAX_FILES", 10) if err = os.MkdirAll(AttachmentPath, os.ModePerm); err != nil { log.Fatal("Could not create directory %s: %s", AttachmentPath, err) |