[openstreetmap/openstreetmap-website] GPX upload : zip file handling (#2137)

mmd notifications at github.com
Thu Feb 7 13:21:41 UTC 2019

Follow up #2131: GPX upload uses external scripts to decompress zip/bzip/gzip files. To be on the safe side, some more input sanitization is required here.

We also need to improve zip file handling in general here, so people can't kill the server by uploading  funny zip bombs. https://github.com/openstreetmap/openstreetmap-website/blob/268a8cb06e0a4734b9cb226ecebcc8445be4a9de/app/models/trace.rb#L256-L268

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190207/a56d2621/attachment.html>

More information about the rails-dev mailing list