From 86b3c1f9c46666de361a86b5e4b0b52498622440 Mon Sep 17 00:00:00 2001
From: Philipp Marek <philipp@marek.priv.at>
Date: Wed, 22 May 2019 10:56:39 +0200
Subject: [PATCH] Respect the "Content-Length" header when parsing form data.

---
 CHANGELOG    | 2 ++
 request.lisp | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index d8ce7bb..55b119c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,5 @@
+2019-05-22
+Respect the "Content-Length" header when parsing POST parameters
 Version 1.2.38
 2017-12-03
 Better pathname validation.
diff --git a/request.lisp b/request.lisp
index e8c6312..58c84d5 100644
--- a/request.lisp
+++ b/request.lisp
@@ -268,7 +268,10 @@ slot values are computed in this :AFTER method."
 content type has already been verified.  Returns the form data as
 alist or NIL if there was no data or the data could not be parsed."
   (handler-case*
-      (let ((content-stream (make-flexi-stream (content-stream request) :external-format +latin-1+)))
+      (let* ((content-length (header-in :content-length request))
+             (content-stream (make-flexi-stream (content-stream request)
+                                               :external-format +latin-1+
+                                               :bound (if content-length (parse-integer content-length)))))
         (prog1
             (parse-rfc2388-form-data content-stream (header-in :content-type request) external-format)
           (let ((stray-data (get-post-data :already-read (flexi-stream-position content-stream))))