fix #257

lib/TCMS.pm

@@ -75,6 +75,8 @@ sub app {
 
     my $env = shift;
 
+    return _toolong() if length($env->{REQUEST_URI}) > 2048;
+
     # Check eTags.  If we don't know about it, just assume it's good and lazily fill the cache
     # XXX yes, this allows cache poisoning...but only for logged in users!
     if ($env->{HTTP_IF_NONE_MATCH}) {
@@ -229,6 +231,7 @@ sub _generic($type, $query) {
         notfound => \&Trog::Routes::HTML::notfound,
         forbidden => \&Trog::Routes::HTML::forbidden,
         badrequest => \&Trog::Routes::HTML::badrequest,
+        toolong    => \&Trog::Routes::HTML::toolong,
     );
     return $lookup{$type}->($query);
 }
@@ -245,6 +248,10 @@ sub _badrequest($query) {
     return _generic('badrequest', $query);
 }
 
+sub _toolong() {
+    return _generic('toolong', {});
+}
+
 sub _static($path,$start,$last_fetch=0) {
 
     # XXX because of psgi I can't just vomit the file directly

lib/Trog/Routes/HTML.pm

@@ -327,6 +327,10 @@ sub badrequest (@args) {
     return _generic_route('badrequest', 400, "Bad Request", @args);
 }
 
+sub toolong (@args) {
+    return _generic_route('toolong', 419, "URI too long", @args);
+}
+
 =head2 redirect, redirect_permanent, see_also
 
 Redirects to the provided page.

www/templates/toolong.tx

@@ -0,0 +1,3 @@
+419 Excessive URL length
+<br /><br />
+Please send URLs shorter than 2048 characters.