From c0c41dd369b4f7193113699a7f58c7b48a1ef061 Mon Sep 17 00:00:00 2001
From: evazion
Date: Sun, 25 Mar 2018 18:05:52 -0500
Subject: [PATCH] uploads: add limits on max image dimensions.
---
 app/models/upload.rb | 13 +++++++++++++
 config/danbooru_default_config.rb | 15 +++++++++++++++
 test/unit/upload_test.rb | 9 +++++++++
 3 files changed, 37 insertions(+)
diff --git a/app/models/upload.rb b/app/models/upload.rb
index 1202b75a6..de18936bb 100644
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -66,6 +66,18 @@ class Upload < ApplicationRecord
 end
 end
+ def validate_dimensions
+ resolution = image_width * image_height
+
+ if resolution > Danbooru.config.max_image_resolution
+ raise "image resolution is too large (resolution: #{(resolution / 1_000_000.0).round(1)} megapixels (#{image_width}x#{image_height}); max: #{Danbooru.config.max_image_resolution / 1_000_000} megapixels)"
+ elsif image_width > Danbooru.config.max_image_width
+ raise "image width is too large (width: #{image_width}; max width: #{Danbooru.config.max_image_width})"
+ elsif image_height > Danbooru.config.max_image_height
+ raise "image height is too large (height: #{image_height}; max height: #{Danbooru.config.max_image_height})"
+ end
+ end
+
 def rating_given
 if rating.present?
 return true
@@ -120,6 +132,7 @@ class Upload < ApplicationRecord
 self.tag_string = "#{tag_string} #{automatic_tags}"
 self.image_width, self.image_height = calculate_dimensions
+ validate_dimensions
 save
 end
diff --git a/config/danbooru_default_config.rb b/config/danbooru_default_config.rb
index d481220d6..2468ea4e3 100644
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
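Review bot: In `validate_dimensions` (first hunk of app/models/upload.rb) the `max:` figure of the resolution message uses integer division, `Danbooru.config.max_image_resolution / 1_000_000`, so any configured limit below one megapixel is reported as `max: 0 megapixels`; the `31*31` stub in the new test produces exactly that. Format it like the measured value on the same line, `#{(Danbooru.config.max_image_resolution / 1_000_000.0).round(1)}`. Separately, `image_width * image_height` raises NoMethodError if `calculate_dimensions` (its body is not in this patch) can return nil for either value. If that can happen, fail closed with an explicit message rather than skipping the check, e.g. `raise "image dimensions could not be determined" if image_width.nil? || image_height.nil?`.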
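Review bot: The `validate_dimensions` call in the second app/models/upload.rb hunk runs only after `calculate_dimensions` has already read the file, so the limit bounds whatever work follows `save` but not the measurement itself. If `calculate_dimensions` decodes the whole image rather than only its header (not visible in this patch), an oversized upload has already consumed the memory the limit is meant to cap. Once that is confirmed, a comment above the call would record the assumption, e.g. `# reject oversized images before any resize/thumbnail work; dimensions are read from the file header`. The enclosing method begins and ends outside the hunk, so how the raised RuntimeError ends up in `status` cannot be checked from here.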
@@ -179,6 +179,21 @@ module Danbooru
 35.megabytes
 end
+ # Maximum resolution (width * height) of an upload. Default: 441 megapixels (21000x21000 pixels).
+ def max_image_resolution
+ 21000 * 21000
+ end
+
+ # Maximum width of an upload.
+ def max_image_width
+ 40000
+ end
+
+ # Maximum height of an upload.
+ def max_image_height
+ 40000
+ end
+
 def member_comment_time_threshold
 1.week.ago
 end
diff --git a/test/unit/upload_test.rb b/test/unit/upload_test.rb
index a2ac2a547..93db2017c 100644
--- a/test/unit/upload_test.rb
+++ b/test/unit/upload_test.rb
@@ -212,6 +212,15 @@ class UploadTest < ActiveSupport::TestCase
 assert_equal("", @upload.automatic_tags)
 end
 end
+
+ context "that is too large" do
+ should "should fail validation" do
+ Danbooru.config.stubs(:max_image_resolution).returns(31*31)
+ @upload = FactoryGirl.create(:upload, file: upload_file("test/files/test-static-32x32.gif"))
+ @upload.process!
+ assert_match(/image resolution is too large/, @upload.status)
+ end
+ end
 end
 should "process completely for a pixiv ugoira" do
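Review bot: The comments on `max_image_resolution`, `max_image_width` and `max_image_height` in config/danbooru_default_config.rb give pixel counts but not what those pixels cost, which is what an operator needs when sizing worker memory. Assuming 4 bytes per pixel, the default 21000x21000 limit still admits an image of roughly 1.76 GB once decoded. I would add that to the first comment, e.g. `# At 4 bytes/pixel a 441 MP image is ~1.76 GB decoded; lower this if workers have less memory.`, and state the default on the width and height comments as the resolution comment does. Writing the literals as `21_000 * 21_000` and `40_000` would also make them easier to read.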
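Review bot: The new context in test/unit/upload_test.rb exercises only the resolution branch, so the `max_image_width` and `max_image_height` branches of `validate_dimensions` are untested and a swapped comparison there would go unnoticed. Two more cases using `Danbooru.config.stubs(:max_image_width).returns(31)` and `Danbooru.config.stubs(:max_image_height).returns(31)` against the same 32x32 fixture would cover them, asserting on `/image width is too large/` and `/image height is too large/`. The description also reads "should should fail validation"; `should "fail validation" do` removes the doubled word.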