Code52/Ideastrike

width in the /idea/imagethumb/{id}/{width} URL isn't sanitised

Closed this issue · 0 comments

This means it's possible to request an image with something like /idea/imagethumb/1/1000000, which can cause an OutOfMemoryException.

Adding a check against a maximum allowed width is straightforward enough, but where should the max allowed value be stored? E.g. as a constant in Model/Image.cs or Modules/IdeaModule.cs? Or should it be made configurable via /admin/settings?
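One way to write the check discussed in this issue, as an added example that is not Ideastrike code. `ThumbnailRequest`, `TryGetSize`, `MaxWidth` and `MaxPixels` are hypothetical names and the limits are assumed values. It goes slightly beyond a width cap by also bounding the output pixel count, since the allocation scales with width times height.

```csharp
using System;
using System.Globalization;

// Added example; not Ideastrike code. ThumbnailRequest, MaxWidth and
// MaxPixels are hypothetical names and the limits are assumed values.
public static class ThumbnailRequest
{
    public const int MaxWidth = 1024;            // assumed cap; could instead come from settings
    public const long MaxPixels = 1024L * 1024L; // assumed cap on width * height of the output

    // Validates the {width} route segment against the source image size.
    // Returns false (caller should answer 400/404) instead of allocating.
    public static bool TryGetSize(string widthSegment, int srcWidth, int srcHeight,
                                  out int width, out int height)
    {
        width = 0; height = 0;
        if (srcWidth <= 0 || srcHeight <= 0) return false;

        // NumberStyles.None: digits only, so "-1", "+5", " 5" and "1e6" are rejected.
        // Values beyond int.MaxValue fail to parse rather than wrapping.
        if (!int.TryParse(widthSegment, NumberStyles.None, CultureInfo.InvariantCulture, out int w))
            return false;
        if (w < 1 || w > MaxWidth) return false;

        // Height follows the aspect ratio; use long so the product cannot overflow.
        long h = Math.Max(1L, (long)w * srcHeight / srcWidth);
        if (h > int.MaxValue || (long)w * h > MaxPixels) return false;

        width = w; height = (int)h;
        return true;
    }

    public static void Main()
    {
        // Constructed inputs: a 4000x3000 source image.
        foreach (var seg in new[] { "200", "1000000", "0", "-5", "99999999999", "abc" })
        {
            bool ok = TryGetSize(seg, 4000, 3000, out int w, out int h);
            Console.WriteLine(ok ? $"{seg} -> {w}x{h}" : $"{seg} -> rejected");
        }
    }
}
```

Keeping the limit as a constant makes the bound impossible to misconfigure; if it is moved to /admin/settings, a hard upper ceiling in code still guards against an oversized configured value.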