Add option to restrict excessively large data: URLs in inline images, enabled by default, 64KB by default

modules/board/board.controller.php

@@ -63,6 +63,17 @@ class BoardController extends Board
 			throw new Rhymix\Framework\Exception('msg_content_too_long');
 		}
 
+		// Return error if content conains excessively large data URLs.
+		$inline_data_url_limit = ($this->module_info->inline_data_url_limit ?: 64) * 1024;
+		preg_match_all('!src="\s*(data:[^,]*,[a-z0-9+/=%$!._-]+)!i', (string)$obj->content, $matches);
+		foreach ($matches[1] as $match)
+		{
+			if (strlen($match) > $inline_data_url_limit)
+			{
+				throw new Rhymix\Framework\Exception('msg_data_url_restricted');
+			}
+		}
+
 		// Check category
 		$category_list = DocumentModel::getCategoryList($this->module_srl);
 		if (count($category_list) > 0)
@@ -472,6 +483,17 @@ class BoardController extends Board
 			throw new Rhymix\Framework\Exception('msg_content_too_long');
 		}
 
+		// Return error if content conains excessively large data URLs.
+		$inline_data_url_limit = ($this->module_info->inline_data_url_limit ?: 64) * 1024;
+		preg_match_all('!src="\s*(data:[^,]*,[a-z0-9+/=%$!._-]+)!i', (string)$obj->content, $matches);
+		foreach ($matches[1] as $match)
+		{
+			if (strlen($match) > $inline_data_url_limit)
+			{
+				throw new Rhymix\Framework\Exception('msg_data_url_restricted');
+			}
+		}
+
 		if(!$this->module_info->use_status) $this->module_info->use_status = 'PUBLIC';
 		if(!is_array($this->module_info->use_status))
 		{

modules/board/lang/en.php

@@ -63,8 +63,10 @@ $lang->protect_regdate = 'Update/Delete Time Limit';
 $lang->filter_specialchars = 'Block Abuse of Unicode Symbols';
 $lang->document_length_limit = 'Limit Document Size';
 $lang->comment_length_limit = 'Limit Comment Size';
-$lang->about_document_length_limit = 'Restrict documents that are too large. This limit may be triggered by copying and pasting a web page that contains a lot of unnecessary tags.';
-$lang->about_comment_length_limit = 'Restrict comments that are too large.';
+$lang->inline_data_url_limit = 'Limit Data URLs';
+$lang->about_document_length_limit = 'Restrict documents that are too large. This limit may be triggered by pasting content that contains a lot of unnecessary markup.<br>This setting has no effect on the administrator and board managers.';
+$lang->about_comment_length_limit = 'Restrict comments that are too large.<br>This setting has no effect on the administrator and board managers.';
+$lang->about_inline_data_url_limit = 'Restrict data: URLs that can be used to evade file size limits or cause processing issues.<br>This setting also applies to the administrator and board managers.';
 $lang->update_order_on_comment = 'Update Document on New Comment';
 $lang->about_update_order_on_comment = 'When a new comment is posted, update the update timestamp of the parent document. This is needed for forums.';
 $lang->about_filter_specialchars = 'Prevent use of excessive Unicode accents, RLO characters, and other symbols that hinder readability.';
@@ -83,6 +85,7 @@ $lang->msg_protect_regdate_document = 'You cannot update or delete a document af
 $lang->msg_protect_regdate_comment = 'You cannot update or delete a comment after %d days.';
 $lang->msg_dont_have_update_log = 'This document has no update log.';
 $lang->msg_content_too_long = 'The content is too long.';
+$lang->msg_data_url_restricted = 'The content has been restricted due to excessively large data URLs (such as inline images).';
 $lang->original_letter = 'Original';
 $lang->msg_warning_update_log = '<span class="x_label x_label-important">Warning!</span> This can massively increase the size of your database.';
 $lang->comment_delete_message = 'Leave Placeholder for Deleted Comment';

modules/board/lang/ko.php

@@ -64,8 +64,10 @@ $lang->protect_regdate = '기간 제한 기능';
 $lang->filter_specialchars = '유니코드 특수문자 오남용 금지';
 $lang->document_length_limit = '문서 길이 제한';
 $lang->comment_length_limit = '댓글 길이 제한';
-$lang->about_document_length_limit = '지나치게 용량이 큰 글을 작성하지 못하도록 합니다. 지저분한 태그가 많이 붙은 글을 붙여넣기하면 제한을 초과할 수도 있습니다.';
-$lang->about_comment_length_limit = '지나치게 용량이 큰 댓글을 작성하지 못하도록 합니다.';
+$lang->inline_data_url_limit = 'Data URL 제한';
+$lang->about_document_length_limit = '지나치게 용량이 큰 글을 작성하지 못하도록 합니다. 지저분한 태그가 많이 붙은 글을 붙여넣으면 제한을 초과할 수도 있습니다.<br>관리자에게는 적용되지 않습니다.';
+$lang->about_comment_length_limit = '지나치게 용량이 큰 댓글을 작성하지 못하도록 합니다.<br>관리자에게는 적용되지 않습니다.';
+$lang->about_inline_data_url_limit = 'data: URL을 사용하여 첨부 제한을 우회하거나 처리 장애를 일으키는 내용을 제한합니다.<br>이 설정은 관리자에게도 적용됩니다.';
 $lang->update_order_on_comment = '댓글 작성시 글 수정 시각 갱신';
 $lang->about_update_order_on_comment = '댓글이 작성되면 해당 글의 수정 시각을 갱신합니다. 포럼형 게시판, 최근 댓글 표시 기능 등에 필요합니다.';
 $lang->about_filter_specialchars = '가독성에 악영향을 주는 과도한 유니코드 악센트 기호의 조합, RLO 문자 등의 사용을 금지합니다.';
@@ -82,6 +84,7 @@ $lang->msg_protect_regdate_document = '%d일 이상 지난 글은 수정 또는
 $lang->msg_protect_regdate_comment = '%d일 이상 지난 댓글은 수정 또는 삭제할 수 없습니다.';
 $lang->msg_dont_have_update_log = '업데이트 로그가 기록되어 있지 않은 게시글입니다.';
 $lang->msg_content_too_long = '내용이 너무 깁니다.';
+$lang->msg_data_url_restricted = 'Data URL 분량이 너무 많아서 작성이 제한되었습니다.';
 $lang->original_letter = '원본글';
 $lang->msg_warning_update_log = '<span class="x_label x_label-important">주의!</span> 사용시 디비가 많이 늘어날 수 있습니다.';
 $lang->reason_update = '수정한 이유';

modules/board/tpl/board_insert.html

@@ -289,6 +289,13 @@
 				<p class="x_help-block">{$lang->about_comment_length_limit}</p>
 			</div>
 		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->inline_data_url_limit}</label>
+			<div class="x_controls">
+				<input type="number" min="1" name="inline_data_url_limit" id="inline_data_url_limit" value="{$module_info->inline_data_url_limit ?: 64}" /> KB
+				<p class="x_help-block">{$lang->about_inline_data_url_limit}</p>
+			</div>
+		</div>
 		<div class="x_control-group">
 			<label class="x_control-label">{$lang->consultation}</label>
 			<div class="x_controls">