Raise IllegalArgumentExceptions using ExceptionUtils. Add MAX_PAGES, MAX_COLS, MAX_ROWS to prevent users from DDoS-ing themselves

OUNZAR Aymane 2025-11-12 10:54:39 +01:00
parent d7fa60d670
commit 454864d77d


@ -27,6 +27,7 @@ import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.model.api.general.MergeMultiplePagesRequest; import stirling.software.SPDF.model.api.general.MergeMultiplePagesRequest;
import stirling.software.common.service.CustomPDFDocumentFactory; import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.ExceptionUtils;
import stirling.software.common.util.FormUtils; import stirling.software.common.util.FormUtils;
import stirling.software.common.util.GeneralUtils; import stirling.software.common.util.GeneralUtils;
import stirling.software.common.util.WebResponseUtils; import stirling.software.common.util.WebResponseUtils;
@ -49,6 +50,10 @@ public class MultiPageLayoutController {
public ResponseEntity<byte[]> mergeMultiplePagesIntoOne( public ResponseEntity<byte[]> mergeMultiplePagesIntoOne(
@ModelAttribute MergeMultiplePagesRequest request) throws IOException { @ModelAttribute MergeMultiplePagesRequest request) throws IOException {
int MAX_PAGES = 10000;
int MAX_COLS = 300;
int MAX_ROWS = 300;
String mode = request.getMode(); String mode = request.getMode();
if (mode == null || mode.trim().isEmpty()) { if (mode == null || mode.trim().isEmpty()) {
mode = "DEFAULT"; mode = "DEFAULT";
@ -64,8 +69,11 @@ public class MultiPageLayoutController {
&& pagesPerSheet != 3 && pagesPerSheet != 3
&& pagesPerSheet && pagesPerSheet
!= (int) Math.sqrt(pagesPerSheet) * Math.sqrt(pagesPerSheet)) { != (int) Math.sqrt(pagesPerSheet) * Math.sqrt(pagesPerSheet)) {
throw new IllegalArgumentException( throw ExceptionUtils.createIllegalArgumentException(
"pagesPerSheet must be 2, 3 or a perfect square"); "error.invalidFormat",
"Invalid {0} format: {1}",
"pagesPerSheet",
"only 2, 3, and perfect squares are supported");
} }
cols = cols =
@ -81,13 +89,42 @@ public class MultiPageLayoutController {
rows = request.getRows(); rows = request.getRows();
cols = request.getCols(); cols = request.getCols();
if (rows <= 0 || cols <= 0) { if (rows <= 0 || cols <= 0) {
throw new IllegalArgumentException( throw ExceptionUtils.createIllegalArgumentException(
"rows and cols must be greater than 0 in CUSTOM mode"); "error.invalidFormat",
"Invalid {0} format: {1}",
"rows and cols",
"only strictly positive values are allowed");
} }
pagesPerSheet = cols * rows; pagesPerSheet = cols * rows;
break; break;
default: default:
throw new IllegalArgumentException("Mode must be CUSTOM or DEFAULT"); throw ExceptionUtils.createIllegalArgumentException(
"error.invalidFormat",
"Invalid {0} format: {1}",
"mode",
"only 'DEFAULT' and 'CUSTOM' are supported");
}
if (pagesPerSheet > MAX_PAGES) {
throw ExceptionUtils.createIllegalArgumentException(
"error.invalidArgument",
"Invalid {0} format: {1}",
"pagesPerSheet",
"must be less than " + MAX_PAGES);
}
if (cols > MAX_COLS) {
throw ExceptionUtils.createIllegalArgumentException(
"error.invalidArgument",
"Invalid {0} format: {1}",
"cols",
"must be less than " + MAX_COLS);
}
if (rows > MAX_ROWS) {
throw ExceptionUtils.createIllegalArgumentException(
"error.invalidArgument",
"Invalid {0} format: {1}",
"rows",
"must be less than " + MAX_ROWS);
} }
MultipartFile file = request.getFileInput(); MultipartFile file = request.getFileInput();
@ -96,7 +133,11 @@ public class MultiPageLayoutController {
orientation = "PORTRAIT"; orientation = "PORTRAIT";
} }
if (!"PORTRAIT".equals(orientation) && !"LANDSCAPE".equals(orientation)) { if (!"PORTRAIT".equals(orientation) && !"LANDSCAPE".equals(orientation)) {
throw new IllegalArgumentException("Orientation must be PORTRAIT or LANDSCAPE"); throw ExceptionUtils.createIllegalArgumentException(
"error.invalidFormat",
"Invalid {0} format: {1}",
"orientation",
"only 'PORTRAIT' and 'LANDSCAPE' are supported");
} }
String pageOrder = request.getPageOrder(); String pageOrder = request.getPageOrder();
if (pageOrder == null || pageOrder.trim().isEmpty()) { if (pageOrder == null || pageOrder.trim().isEmpty()) {
@ -182,8 +223,11 @@ public class MultiPageLayoutController {
rowIndex = adjustedPageIndex % rows; rowIndex = adjustedPageIndex % rows;
break; break;
default: default:
throw new IllegalArgumentException( throw ExceptionUtils.createIllegalArgumentException(
"Page order must be one of the following supported options: LR_TD, RL_TD, TD_LR, or TD_RL."); "error.invalidFormat",
"Invalid {0} format: {1}",
"pageOrder",
"only 'LR_TD', 'RL_TD', 'TD_LR', and 'TD_RL' are supported");
} }
float x = colIndex * cellWidth + (cellWidth - rect.getWidth() * scale) / 2; float x = colIndex * cellWidth + (cellWidth - rect.getWidth() * scale) / 2;
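Review bot: The three new limit checks after the mode switch compare with `>` but report `"must be less than " + MAX_PAGES` (likewise for `MAX_COLS` and `MAX_ROWS`), so a value equal to the limit is accepted while the message says it is not; either compare with `>=` or word it as `"must not exceed " + MAX_PAGES`. The limits are declared as locals in UPPER_SNAKE_CASE at the top of mergeMultiplePagesIntoOne; `private static final int MAX_PAGES = 10000;` at class level would match the naming and keep the resource caps in one auditable place. These checks also pair the key `error.invalidArgument` with the default text `Invalid {0} format: {1}` that the rest of the commit uses for `error.invalidFormat`, which looks like a copy-paste and should be checked against the message bundle. The caps bound only the grid per output sheet; whether the page count of the uploaded PDF is limited is not visible here, and the method body starts and ends outside the shown hunks.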