diff --git a/app/__init__.py b/app/__init__.py
index a69fb8a..fefa1d9 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -78,6 +78,7 @@ app.config['CONFIG_DISABLE'] = read_config_bool('WHOOGLE_CONFIG_DISABLE')
 app.config['SESSION_FILE_DIR'] = os.path.join(
     app.config['CONFIG_PATH'],
     'session')
+app.config['MAX_SESSION_SIZE'] = 4000 # Sessions won't exceed 4KB
 app.config['BANG_PATH'] = os.getenv(
     'CONFIG_VOLUME',
     os.path.join(app.config['STATIC_FOLDER'], 'bangs'))
diff --git a/app/routes.py b/app/routes.py
index 4d4e116..1f58a7d 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -73,6 +73,11 @@ def session_required(f):
             session_path = os.path.join(
                 app.config['SESSION_FILE_DIR'],
                 user_session)
+
+            # Ignore any files that are larger than the max session file size
+            if os.path.getsize(session_path) > app.config['MAX_SESSION_SIZE']:
+                continue
+
             try:
                 with open(session_path, 'rb') as session_file:
                     _ = pickle.load(session_file)
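Review bot: The trailing comment on the new `MAX_SESSION_SIZE` line says "4KB" while the value is 4000 bytes, so a reader tuning the limit against `os.path.getsize` (which returns bytes) gets a different number than the comment suggests. Either make the value 4096 or reword the comment to `# Session files larger than 4000 bytes are ignored`, which also says what the limit is used for rather than what sessions "won't" do. Since routes.py compares this value directly against a file size, the unit should be stated explicitly.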
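Review bot: The added `os.path.getsize(session_path)` call sits outside the `try` that wraps `open`/`pickle.load`, so a session file that disappears between the directory listing and this check raises OSError from the decorator instead of being skipped like a bad file would be; the `except` clause and the enclosing loop are outside the hunk, so I cannot see what the `try` currently catches. The simplest fix is to move the size check inside the `try`, i.e. `try:` then `if os.path.getsize(session_path) > app.config['MAX_SESSION_SIZE']: continue` ahead of the existing `with open(...)`, so both the stat and the read share one error path. Also worth a comment on the new `if`: the size cap bounds resource use when loading a large file, but it does not make `pickle.load` safe for a file the app did not write itself, so the session directory still needs to be writable only by the app user — `# Size cap limits work per file; pickle.load still assumes the session dir is trusted`.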