Check file sizes in session dir before validation
For pip installed instances of Whoogle, there seems to be an issue where files other than sessions are being stored in the same directory as the sessions. From a brief investigation, this does not seem to be caused by Whoogle, since Flask-Session objects are the only files stored in that directory. It could be an issue with the library that is being used for sessions, however. Regardless, the app shouldn't crash when trying to validate and remove invalid sessions, so a file size limit of 4KB was imposed during validation. Any file found in the session directory that exceeds this size limit will be ignored. Fixes #777 Fixes #793main
parent
c9ee9dcc8b
commit
cb5557cc2e
|
@ -78,6 +78,7 @@ app.config['CONFIG_DISABLE'] = read_config_bool('WHOOGLE_CONFIG_DISABLE')
|
|||
app.config['SESSION_FILE_DIR'] = os.path.join(
|
||||
app.config['CONFIG_PATH'],
|
||||
'session')
|
||||
app.config['MAX_SESSION_SIZE'] = 4000 # Sessions won't exceed 4KB
|
||||
app.config['BANG_PATH'] = os.getenv(
|
||||
'CONFIG_VOLUME',
|
||||
os.path.join(app.config['STATIC_FOLDER'], 'bangs'))
|
||||
|
|
|
@ -73,6 +73,11 @@ def session_required(f):
|
|||
session_path = os.path.join(
|
||||
app.config['SESSION_FILE_DIR'],
|
||||
user_session)
|
||||
|
||||
# Ignore any files that are larger than the max session file size
|
||||
if os.path.getsize(session_path) > app.config['MAX_SESSION_SIZE']:
|
||||
continue
|
||||
|
||||
try:
|
||||
with open(session_path, 'rb') as session_file:
|
||||
_ = pickle.load(session_file)
|
||||
|
|
Loading…
Reference in New Issue