mirror of
https://github.com/go-gitea/gitea
synced 2024-11-21 18:13:06 +01:00
Limit uploaded avatar image-size to 4096x3072 by default (#4353)
This commit is contained in:
parent
69796ddd64
commit
cbee921c28
3 changed files with 19 additions and 0 deletions
|
@ -402,6 +402,10 @@ SESSION_LIFE_TIME = 86400
|
||||||
|
|
||||||
[picture]
|
[picture]
|
||||||
AVATAR_UPLOAD_PATH = data/avatars
|
AVATAR_UPLOAD_PATH = data/avatars
|
||||||
|
; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
|
||||||
|
; used when resizing the image.
|
||||||
|
AVATAR_MAX_WIDTH = 4096
|
||||||
|
AVATAR_MAX_HEIGHT = 3072
|
||||||
; Chinese users can choose "duoshuo"
|
; Chinese users can choose "duoshuo"
|
||||||
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
|
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
|
||||||
GRAVATAR_SOURCE = gravatar
|
GRAVATAR_SOURCE = gravatar
|
||||||
|
|
|
@ -433,6 +433,17 @@ func (u *User) IsPasswordSet() bool {
|
||||||
// UploadAvatar saves custom avatar for user.
|
// UploadAvatar saves custom avatar for user.
|
||||||
// FIXME: split uploads to different subdirs in case we have massive users.
|
// FIXME: split uploads to different subdirs in case we have massive users.
|
||||||
func (u *User) UploadAvatar(data []byte) error {
|
func (u *User) UploadAvatar(data []byte) error {
|
||||||
|
imgCfg, _, err := image.DecodeConfig(bytes.NewReader(data))
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("DecodeConfig: %v", err)
|
||||||
|
}
|
||||||
|
if imgCfg.Width > setting.AvatarMaxWidth {
|
||||||
|
return fmt.Errorf("Image width is to large: %d > %d", imgCfg.Width, setting.AvatarMaxWidth)
|
||||||
|
}
|
||||||
|
if imgCfg.Height > setting.AvatarMaxHeight {
|
||||||
|
return fmt.Errorf("Image height is to large: %d > %d", imgCfg.Height, setting.AvatarMaxHeight)
|
||||||
|
}
|
||||||
|
|
||||||
img, _, err := image.Decode(bytes.NewReader(data))
|
img, _, err := image.Decode(bytes.NewReader(data))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Decode: %v", err)
|
return fmt.Errorf("Decode: %v", err)
|
||||||
|
|
|
@ -341,6 +341,8 @@ var (
|
||||||
|
|
||||||
// Picture settings
|
// Picture settings
|
||||||
AvatarUploadPath string
|
AvatarUploadPath string
|
||||||
|
AvatarMaxWidth int
|
||||||
|
AvatarMaxHeight int
|
||||||
GravatarSource string
|
GravatarSource string
|
||||||
GravatarSourceURL *url.URL
|
GravatarSourceURL *url.URL
|
||||||
DisableGravatar bool
|
DisableGravatar bool
|
||||||
|
@ -1024,6 +1026,8 @@ func NewContext() {
|
||||||
if !filepath.IsAbs(AvatarUploadPath) {
|
if !filepath.IsAbs(AvatarUploadPath) {
|
||||||
AvatarUploadPath = path.Join(AppWorkPath, AvatarUploadPath)
|
AvatarUploadPath = path.Join(AppWorkPath, AvatarUploadPath)
|
||||||
}
|
}
|
||||||
|
AvatarMaxWidth = sec.Key("AVATAR_MAX_WIDTH").MustInt(4096)
|
||||||
|
AvatarMaxHeight = sec.Key("AVATAR_MAX_HEIGHT").MustInt(3072)
|
||||||
switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source {
|
switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source {
|
||||||
case "duoshuo":
|
case "duoshuo":
|
||||||
GravatarSource = "http://gravatar.duoshuo.com/avatar/"
|
GravatarSource = "http://gravatar.duoshuo.com/avatar/"
|
||||||
|
|
Loading…
Reference in a new issue