From b367b1ff4064557deacae0f7ecf77fae4624b8c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?=
Date: Wed, 18 Jul 2018 10:07:00 +0200
Subject: Do not close the connection abruptly on too big file uploads (#9083)

---
 api4/brand.go | 4 ++++
 api4/file.go | 3 +++
 api4/team.go | 4 ++++
 api4/user.go | 4 ++++
 4 files changed, 15 insertions(+)
(limited to 'api4')

diff --git a/api4/brand.go b/api4/brand.go
index f182e1070..2e3081353 100644
--- a/api4/brand.go
+++ b/api4/brand.go
@@ -4,6 +4,8 @@
 package api4
 
 import (
+ "io"
+ "io/ioutil"
 "net/http"
 
 "github.com/mattermost/mattermost-server/model"
@@ -27,6 +29,8 @@ func getBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
+ defer io.Copy(ioutil.Discard, r.Body)
+
 if r.ContentLength > *c.App.Config().FileSettings.MaxFileSize {
 c.Err = model.NewAppError("uploadBrandImage", "api.admin.upload_brand_image.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge)
 return
diff --git a/api4/file.go b/api4/file.go
index bd8c46405..ab0fbce14 100644
--- a/api4/file.go
+++ b/api4/file.go
@@ -5,6 +5,7 @@ package api4
 
 import (
 "io"
+ "io/ioutil"
 "net/http"
 "net/url"
 "strconv"
@@ -56,6 +57,8 @@ func (api *API) InitFile() {
 }
 
 func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
+ defer io.Copy(ioutil.Discard, r.Body)
+
 if !*c.App.Config().FileSettings.EnableFileAttachments {
 c.Err = model.NewAppError("uploadFile", "api.file.attachments.disabled.app_error", nil, "", http.StatusNotImplemented)
 return
diff --git a/api4/team.go b/api4/team.go
index adb8ae355..6fbc537e9 100644
--- a/api4/team.go
+++ b/api4/team.go
@@ -7,6 +7,8 @@ import (
 "bytes"
 "encoding/base64"
 "fmt"
+ "io"
+ "io/ioutil"
 "net/http"
 "strconv"
 
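Review bot: The `defer io.Copy(ioutil.Discard, r.Body)` added at the top of uploadBrandImage in api4/brand.go drains the rest of the request body with no upper bound, so a request rejected by the `r.ContentLength > ...MaxFileSize` check is still read to the end, however large it is. The same line is added to uploadFile in api4/file.go and to setTeamIcon and setProfileImage further down, where it is registered before any of the checks visible in those hunks. net/http already discards a bounded amount of unread body after a handler returns before giving up on the connection, and this change removes that bound. I would cap the drain, e.g. `defer io.CopyN(ioutil.Discard, r.Body, maxDrainBytes)` with `maxDrainBytes` a new constant (name constructed here), accepting that bodies beyond the cap still end in a closed connection. The handler bodies continue outside the hunks, so whether a size limit is applied elsewhere is not visible here.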
@@ -796,6 +798,8 @@ func getTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func setTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) {
+ defer io.Copy(ioutil.Discard, r.Body)
+
 c.RequireTeamId()
 if c.Err != nil {
 return
diff --git a/api4/user.go b/api4/user.go
index ac702644d..b73354cfd 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -5,6 +5,8 @@ package api4
 
 import (
 "fmt"
+ "io"
+ "io/ioutil"
 "net/http"
 "strconv"
 "time"
@@ -234,6 +236,8 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
+ defer io.Copy(ioutil.Discard, r.Body)
+
 c.RequireUserId()
 if c.Err != nil {
 return
-- 
cgit v1.2.3-1-g7c22
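Review bot: The `defer io.Copy(ioutil.Discard, r.Body)` line in setTeamIcon and setProfileImage carries no comment, and its purpose is only recoverable from the commit subject; it also drops the copy's error without saying so. I would add above it `// Drain any unread request body so the client receives the error response instead of a dropped connection; the copy error is deliberately ignored.` Since the identical line now appears in four handlers, a small shared helper would keep that comment and any later adjustment in one place. Both function bodies continue past the hunk.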