diff --git a/app/__init__.py b/app/__init__.py
index 5d6476c..d20c74d 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -123,7 +123,7 @@ def create_app():
app.config["SECRET_KEY"] = os.getenv("FLASK_SECRET_KEY")
app.config['AVATAR_UPLOAD_PATH'] = 'data/static/avatars/'
- app.config['MAX_CONTENT_LENGTH'] = 1000 * 1000
+ app.config['MAX_CONTENT_LENGTH'] = 3 * 1000 * 1000 # 3M total, subject to further limits per route
os.makedirs(os.path.dirname(app.config["DB_PATH"]), exist_ok = True)
diff --git a/app/routes/users.py b/app/routes/users.py
index 33b5368..36c96a7 100644
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -20,6 +20,8 @@ import time
import re
import os
+AVATAR_MAX_SIZE = 1000 * 1000
+
bp = Blueprint("users", __name__, url_prefix = "/users/")
@@ -451,6 +453,14 @@ def set_avatar(username):
flash('Avatar missing.', InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
+ file.seek(0, os.SEEK_END)
+ file_size = file.tell()
+ file.seek(0, os.SEEK_SET)
+
+ if file_size > AVATAR_MAX_SIZE:
+ flash('Avatar image is over 1MB.', InfoboxKind.ERROR)
+ return redirect(url_for('.settings', username=user.username))
+
file_bytes = file.read()
now = int(time.time())
diff --git a/app/templates/users/settings.html b/app/templates/users/settings.html
index 26e03ae..056c8c4 100644
--- a/app/templates/users/settings.html
+++ b/app/templates/users/settings.html
@@ -15,7 +15,7 @@
- 1MB maximum size. Avatar will be scaled down to fit a square.
+ 1MB maximum size. Avatar will be cropped to square.