[openstreetmap/openstreetmap-website] GPX upload : zip file handling (#2137)
notifications at github.com
Thu Feb 7 13:21:41 UTC 2019
Follow up #2131: GPX upload uses external scripts to decompress zip/bzip/gzip files. To be on the safe side, some more input sanitization is required here.
We also need to improve zip file handling in general here, so people can't kill the server by uploading funny zip bombs. https://github.com/openstreetmap/openstreetmap-website/blob/268a8cb06e0a4734b9cb226ecebcc8445be4a9de/app/models/trace.rb#L256-L268
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rails-dev