From 81a2300af88c137e1c9be7577a9c68deb45499a0 Mon Sep 17 00:00:00 2001
From: Samantaz Fox <coding@samantaz.fr>
Date: Wed, 12 Jan 2022 01:28:58 +0100
Subject: [PATCH] Prevent import of insanely large files

---
 src/invidious/user/imports.cr | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/invidious/user/imports.cr b/src/invidious/user/imports.cr
index 98a62c17..2ae1dcb1 100644
--- a/src/invidious/user/imports.cr
+++ b/src/invidious/user/imports.cr
@@ -4,7 +4,15 @@ def parse_subscription_export_csv(csv_content : String)
   rows = CSV.new(csv_content, headers: true)
   subscriptions = Array(String).new
 
+  # Counter to limit the amount of imports.
+  # This is intended to prevent DoS.
+  row_counter = 0
+
   rows.each do |row|
+    # Limit to 1200
+    row_counter += 1
+    break if row_counter > 1_200
+
     # Channel ID is the first column in the csv export we can't use the header
     # name, because the header name is localized depending on the
     # language the user has set on their account