X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/3ca475c8e10c811633dec531772e18da6e5fa33d..4628276e4a8f159cded83f8dbf7ec8239705f84a:/src/wiki/views.py diff --git a/src/wiki/views.py b/src/wiki/views.py index aea44390..e22c0286 100644 --- a/src/wiki/views.py +++ b/src/wiki/views.py @@ -2,6 +2,7 @@ # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information. # from datetime import datetime +import json import os import logging from time import mktime @@ -11,7 +12,7 @@ from django.apps import apps from django.conf import settings from django.urls import reverse from django import http -from django.http import Http404, HttpResponseForbidden +from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseBadRequest from django.middleware.gzip import GZipMiddleware from django.utils.decorators import decorator_from_middleware from django.utils.formats import localize @@ -38,6 +39,10 @@ logger = logging.getLogger("fnp.wiki") MAX_LAST_DOCS = 10 +class HttpResponseLengthRequired(HttpResponse): + status_code = 411 + + @never_cache def editor(request, slug, chunk=None, template_name='wiki/document_details.html'): try: @@ -129,6 +134,20 @@ def text(request, chunk_id): return HttpResponseForbidden("Not authorized.") if request.method == 'POST': + # Check length to reject broken request. + try: + expected_cl = int(request.META['CONTENT_LENGTH']) + except: + return HttpResponseLengthRequired(json.dumps( + {"__message": _("Content length required.")} + )) + # 411 if missing + cl = len(request.body) + if cl != expected_cl: + return HttpResponseBadRequest(json.dumps( + {"__message": _("Wrong content length, request probably interrupted.")} + )) + form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave") if form.is_valid(): if request.user.is_authenticated: