Reject responses whose content type isn't image/* early

Sean Owen 2017-08-20 16:34:08 +01:00
parent 0000a10272
commit 649a099c68


@ -92,8 +92,8 @@ public final class DecodeServlet extends HttpServlet {
// No real reason to let people upload more than ~64MB
private static final long MAX_IMAGE_SIZE = 1L << 26;
// No real reason to deal with more than ~64 megapixels
private static final int MAX_PIXELS = 1 << 26;
// No real reason to deal with more than ~32 megapixels
private static final int MAX_PIXELS = 1 << 25;
private static final byte[] REMAINDER_BUFFER = new byte[1 << 16];
private static final Map<DecodeHintType,Object> HINTS;
private static final Map<DecodeHintType,Object> HINTS_PURE;
@ -237,6 +237,13 @@ public final class DecodeServlet extends HttpServlet {
errorResponse(request, response, "badimage");
return;
}
// Assume we'll only handle image/* content types
String contentType = connection.getContentType();
if (contentType != null && !contentType.startsWith("image/")) {
log.info("Wrong content type: " + contentType);
errorResponse(request, response, "badimage");
return;
}
log.info("Decoding " + imageURL);
processStream(is, request, response);
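Review bot: The added `log.info("Wrong content type: " + contentType)` writes a header value chosen by the remote server into the log without bounding or neutralising it, so an unusually long or control-character-laden Content-Type may bloat or confuse log entries; log a truncated form with non-printable characters replaced. The `startsWith("image/")` test is case-sensitive although media types are case-insensitive, so a response declaring `Image/PNG` would be rejected; `contentType.toLowerCase(Locale.ROOT).startsWith("image/")` avoids that, provided `Locale` is imported. A missing header (`null`) still passes, and the header is only the server's claim, so I would extend the comment to something like `// Early filter only: the header is untrusted and may be absent; size and pixel limits remain the real bounds`. The enclosing method starts and ends outside the hunk, so whether `is` and the connection are released on this new early return cannot be confirmed from here.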