From fad4746f6eb87b7e4f5e7496dba35b8b09f80edb Mon Sep 17 00:00:00 2001 From: Stepan Date: Mon, 17 Jul 2023 11:45:16 +0300 Subject: [PATCH] added docs for max_form_parts and default is 1000 --- docs/config.rst | 8 ++++++++ src/flask/app.py | 2 +- src/flask/wrappers.py | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/config.rst b/docs/config.rst index 7828fb92..52e9e094 100644 --- a/docs/config.rst +++ b/docs/config.rst @@ -259,6 +259,14 @@ The following configuration values are used internally by Flask: Default: ``None`` +.. py:data:: MAX_FORM_PARTS + + Stop reading request data if more than this number + of parts are sent in multipart form data. This is useful to stop a very large number + of very small parts, especially file parts. + + Default: ``1000`` + .. py:data:: TEMPLATES_AUTO_RELOAD Reload templates when they are changed. If not set, it will be enabled in diff --git a/src/flask/app.py b/src/flask/app.py index a115a6c7..bb42d262 100644 --- a/src/flask/app.py +++ b/src/flask/app.py @@ -309,7 +309,7 @@ class Flask(Scaffold): "SESSION_COOKIE_SAMESITE": None, "SESSION_REFRESH_EACH_REQUEST": True, "MAX_CONTENT_LENGTH": None, - "MAX_FORM_PARTS": 5000, + "MAX_FORM_PARTS": 1000, "SEND_FILE_MAX_AGE_DEFAULT": None, "TRAP_BAD_REQUEST_ERRORS": None, "TRAP_HTTP_EXCEPTIONS": False, diff --git a/src/flask/wrappers.py b/src/flask/wrappers.py index 54070eda..fc0c048c 100644 --- a/src/flask/wrappers.py +++ b/src/flask/wrappers.py @@ -65,7 +65,7 @@ class Request(RequestBase): if current_app: return current_app.config["MAX_FORM_PARTS"] else: - return None + return 1000 @property def endpoint(self) -> str | None: