feat: Portal, Email Inbound, Discuss + module improvements
- Portal: /my/* routes, signup, password reset, portal user support - Email Inbound: IMAP polling (go-imap/v2), thread matching - Discuss: mail.channel, long-polling bus, DM, unread count - Cron: ir.cron runner (goroutine scheduler) - Bank Import, CSV/Excel Import - Automation (ir.actions.server) - Fetchmail service - HR Payroll model - Various fixes across account, sale, stock, purchase, crm, hr, project Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marc
@@ -20,12 +20,27 @@ func (s *Server) handleUpload(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// Parse multipart form (max 128MB)
|
||||
if err := r.ParseMultipartForm(128 << 20); err != nil {
|
||||
// Limit upload size to 50MB
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 50<<20)
|
||||
|
||||
// Parse multipart form (max 50MB)
|
||||
if err := r.ParseMultipartForm(50 << 20); err != nil {
|
||||
http.Error(w, "File too large", http.StatusRequestEntityTooLarge)
|
||||
return
|
||||
}
|
||||
|
||||
// CSRF validation for multipart form uploads.
|
||||
// Mirrors: odoo/http.py validate_csrf()
|
||||
sess := GetSession(r)
|
||||
if sess != nil {
|
||||
csrfToken := r.FormValue("csrf_token")
|
||||
if csrfToken != sess.CSRFToken {
|
||||
log.Printf("upload: CSRF token mismatch for uid=%d", sess.UID)
|
||||
http.Error(w, "CSRF validation failed", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
file, header, err := r.FormFile("ufile")
|
||||
if err != nil {
|
||||
http.Error(w, "No file uploaded", http.StatusBadRequest)
|
||||
|
||||
Reference in New Issue
Block a user