From a5779d30b558a2aa314ec2c130b14e9e8e322444 Mon Sep 17 00:00:00 2001
From: Dag <me@dvikan.no>
Date: Wed, 16 Nov 2022 17:56:26 +0100
Subject: [PATCH] feat: add max file size to http responses (#3140)

---
 config.default.ini.php |  3 +++
 lib/contents.php       | 26 ++++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/config.default.ini.php b/config.default.ini.php
index df9b70a4..44e721d6 100644
--- a/config.default.ini.php
+++ b/config.default.ini.php
@@ -19,6 +19,9 @@ message = ""
 timeout = 60
 useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"
 
+; Max http response size in MB
+max_filesize = 20
+
 [cache]
 
 ; Defines the cache type used by RSS-Bridge
diff --git a/lib/contents.php b/lib/contents.php
index c339d3ca..9d452790 100644
--- a/lib/contents.php
+++ b/lib/contents.php
@@ -128,6 +128,13 @@ function getContents(
         'headers' => array_merge($defaultHttpHeaders, $httpHeadersNormalized),
         'curl_options' => $curlOptions,
     ];
+
+    $maxFileSize = Configuration::getConfig('http', 'max_filesize');
+    if ($maxFileSize) {
+        // Multiply with 2^20 (1M) to the value in bytes
+        $config['max_filesize'] = $maxFileSize * 2 ** 20;
+    }
+
     if (Configuration::getConfig('proxy', 'url') && !defined('NOPROXY')) {
         $config['proxy'] = Configuration::getConfig('proxy', 'url');
     }
@@ -200,10 +207,9 @@ function getContents(
 }
 
 /**
- * Private function used internally
- *
  * Fetch content from url
  *
+ * @internal Private function used internally
  * @throws HttpException
  */
 function _http_request(string $url, array $config = []): array
@@ -216,6 +222,7 @@ function _http_request(string $url, array $config = []): array
         'curl_options' => [],
         'if_not_modified_since' => null,
         'retries' => 3,
+        'max_filesize' => null,
     ];
     $config = array_merge($defaults, $config);
 
@@ -235,6 +242,21 @@ function _http_request(string $url, array $config = []): array
     curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
     // Force HTTP 1.1 because newer versions of libcurl defaults to HTTP/2
     curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+
+    if ($config['max_filesize']) {
+        // This option inspects the Content-Length header
+        curl_setopt($ch, CURLOPT_MAXFILESIZE, $config['max_filesize']);
+        curl_setopt($ch, CURLOPT_NOPROGRESS, false);
+        // This progress function will monitor responses who omit the Content-Length header
+        curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, function ($ch, $downloadSize, $downloaded, $uploadSize, $uploaded) use ($config) {
+            if ($downloaded > $config['max_filesize']) {
+                // Return a non-zero value to abort the transfer
+                return -1;
+            }
+            return 0;
+        });
+    }
+
     if ($config['proxy']) {
         curl_setopt($ch, CURLOPT_PROXY, $config['proxy']);
     }