Add a setting to limit the width & height params
lionep opened this issue · 3 comments
lionep commented
Hello,
Nice project out there!
I've tried it, and it seems you can overscale pictures and get some insufficient memory usage.
Would it be possible to implement:
- A config param (as an environment variable) to prevent overscale (width or height over the original width or height)
- A config param to define the maximum allowed width or height in query params, returning an error if the user goes above the value.
Also, it seems that every different size request is stored in the e_image_derivative_backend table, so an anon user can fill up the disk with commands like:
```sh
for I in `seq 100 500`; do
  curl -v https://picsur.domain.com/i/SOME_PICTURE_ID.jpg\?height\=$I
done
```
Any idea of a protection against this?
Thanks!
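
One way the two checks requested above could look, as an added example that is not Picsur's own code. The setting names `IMG_MAX_DIMENSION` and `IMG_ALLOW_UPSCALE`, the 4096 default, and the function names are hypothetical, and both checks reject with an error rather than clamp.

```typescript
// Hypothetical setting names and default; not Picsur's actual configuration keys.
interface ResizeLimits {
  maxDimension: number;  // largest width or height a request may ask for
  allowUpscale: boolean; // false = a request may never exceed the original's size
}

type Env = Record<string, string | undefined>;

function loadLimits(env: Env): ResizeLimits {
  const raw = Number(env["IMG_MAX_DIMENSION"] ?? "4096");
  // Fall back to the default when the variable is missing or malformed.
  const maxDimension = Number.isInteger(raw) && raw > 0 ? raw : 4096;
  return { maxDimension, allowUpscale: env["IMG_ALLOW_UPSCALE"] === "true" };
}

type ResizeResult =
  | { ok: true; width?: number; height?: number }
  | { ok: false; status: 400; error: string };

function checkResize(
  query: { width?: string; height?: string },
  original: { width: number; height: number },
  limits: ResizeLimits,
): ResizeResult {
  const out: { ok: true; width?: number; height?: number } = { ok: true };
  for (const key of ["width", "height"] as const) {
    const raw = query[key];
    if (raw === undefined) continue;
    // Accept plain positive decimal integers only (no "1e9", "-5", "12.5").
    if (!/^[1-9][0-9]{0,5}$/.test(raw)) {
      return { ok: false, status: 400, error: `${key} must be a positive integer` };
    }
    const value = Number(raw);
    // Hard ceiling from configuration, checked before any image work is done.
    if (value > limits.maxDimension) {
      return { ok: false, status: 400, error: `${key} exceeds maximum of ${limits.maxDimension}` };
    }
    // Overscale guard: compare against the stored original's dimensions.
    if (!limits.allowUpscale && value > original[key]) {
      return { ok: false, status: 400, error: `${key} exceeds original ${key} of ${original[key]}` };
    }
    out[key] = value;
  }
  return out;
}
```

These checks bound the memory a single resize can need; they do not limit how many distinct sizes below the ceiling get stored as derivatives, so the loop above would still pass them for a picture taller than 500 pixels.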