Respect the "Content-Length" header when parsing form data.

edicl · May 22, 2019 · 86b3c1f · 86b3c1f
1 parent f18c0aa
commit 86b3c1f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,5 @@
+2019-05-22
+Respect the "Content-Length" header when parsing POST parameters
 Version 1.2.38
 2017-12-03
 Better pathname validation.

diff --git a/request.lisp b/request.lisp
@@ -268,7 +268,10 @@ slot values are computed in this :AFTER method."
 content type has already been verified.  Returns the form data as
 alist or NIL if there was no data or the data could not be parsed."
   (handler-case*
-      (let ((content-stream (make-flexi-stream (content-stream request) :external-format +latin-1+)))
+      (let* ((content-length (header-in :content-length request))
+             (content-stream (make-flexi-stream (content-stream request)
+                                               :external-format +latin-1+
+                                               :bound (if content-length (parse-integer content-length)))))
         (prog1
             (parse-rfc2388-form-data content-stream (header-in :content-type request) external-format)
           (let ((stray-data (get-post-data :already-read (flexi-stream-position content-stream))))