From 10caea40d4d94e6811a1c086dc5cb554fcad128b Mon Sep 17 00:00:00 2001
From: cTn <ctndesigner@gmail.com>
Date: Wed, 15 Jan 2014 13:07:51 +0100
Subject: [PATCH] don't allow reading files bigger then 1MB

---
 js/backup_restore.js | 54 ++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 24 deletions(-)

diff --git a/js/backup_restore.js b/js/backup_restore.js
index 5a5db94c..611b323a 100644
--- a/js/backup_restore.js
+++ b/js/backup_restore.js
@@ -114,35 +114,41 @@ function configuration_restore() {
         chosenFileEntry.file(function(file) {
             var reader = new FileReader();
 
-            reader.onerror = function (e) {
-                console.error(e);
+            reader.onprogress = function(e) {
+                if (e.total > 1048576) { // 1 MB
+                    // dont allow reading files bigger then 1 MB
+                    console.log('File limit (1 MB) exceeded, aborting');
+                    reader.abort();
+                }
             };
             
             reader.onloadend = function(e) {
-                console.log('Read SUCCESSFUL');
-                
-                try { // check if string provided is a valid JSON
-                    var deserialized_configuration_object = JSON.parse(e.target.result);
-                } catch (e) {
-                    // data provided != valid json object
-                    console.log('Data provided != valid JSON string, restore aborted.');
+                if (e.total != 0 && e.total == e.loaded) {
+                    console.log('Read SUCCESSFUL');
                     
-                    return;
+                    try { // check if string provided is a valid JSON
+                        var deserialized_configuration_object = JSON.parse(e.target.result);
+                    } catch (e) {
+                        // data provided != valid json object
+                        console.log('Data provided != valid JSON string, restore aborted.');
+                        
+                        return;
+                    }
+                    
+                    // replacing "old configuration" with configuration from backup file
+                    var configuration = deserialized_configuration_object;
+                    
+                    // some configuration.VERSION code goes here? will see
+                    
+                    PIDs = configuration.PID;
+                    AUX_CONFIG_values = configuration.AUX_val;
+                    RC_tuning = configuration.RC;
+                    CONFIG.accelerometerTrims = configuration.AccelTrim;
+                    MISC = configuration.MISC;
+                    
+                    // all of the arrays/objects are set, upload changes
+                    configuration_upload();
                 }
-                
-                // replacing "old configuration" with configuration from backup file
-                var configuration = deserialized_configuration_object;
-                
-                // some configuration.VERSION code goes here? will see
-                
-                PIDs = configuration.PID;
-                AUX_CONFIG_values = configuration.AUX_val;
-                RC_tuning = configuration.RC;
-                CONFIG.accelerometerTrims = configuration.AccelTrim;
-                MISC = configuration.MISC;
-                
-                // all of the arrays/objects are set, upload changes
-                configuration_upload();
             };
 
             reader.readAsText(file);