Security Fix for Distributed denial of service - huntr.dev

@DEMON1A (https://huntr.dev/users/DEMON1A) has fixed a potential Distributed denial of service vulnerability in your repository 🔨. For more information, visit our website (https://huntr.dev/) or click the bounty URL below...

User Comments:

📊 Metadata *

Lack Of Filenames Length Validation Leads To DDoS By Storing Huge Values In The DataBase.

Bounty URL: https://www.huntr.dev/bounties/1-other-shupload/

⚙️ Description *

In Shupload, You're Storing The Original Filenames On The Database Without Validating It. And Since There's No Authentication Required. Remote Attackers Are Able To Insert Huge Values On The Database Then Interact With It And Requesting It From The Server Resulting In Both Client-Side/Server-Side DoS By Increasing The CPU Usage On The Server For The Server And On The Browser For The User.
Attackers Are Able To Freeze The Next Shupload Run By Inserting Huge Values Into The Database. So When ./shupload Is Running. It Will Take a Lot Of Time Loading The Data From The Database Then Start. Until The Data Is Loaded The Program Won't Start. Multiple Users Doing The Same Action Can Perform a DDoS Attack On The Server.

💻 Technical Description *

Lack Of Input Length Validation Resulting In DDoS In Furthur Communation.
My Fix Was To Create a Length Validation On h.Filename To Check If It's Larger Than 100 Character. If It's Then Nothing Gonna Be Saved

if (len(h.Filename) > 100) {
  return
}

🐛 Proof of Concept (PoC) *

Check The Screen Shot On The Bounty URL I Provided.

🔥 Proof of Fix (PoF) *

Here's Screen Shot For an Image Example Uploaded With More Than 100 Character On The Filename. The Server Didn't Accept/Store It On The Database Due To The Fix I Added.

Shupload-POF