GitLab

dos-protection configuration is introducted since zope 5.8.4 https://github.com/zopefoundation/Zope/blob/master/CHANGES.rst#584-2023-09-06

it's only for python3

the default value is: https://github.com/zopefoundation/Zope/blob/5.11.1/src/ZPublisher/HTTPRequest.py#L56-L58

FORM_MEMORY_LIMIT = 2 ** 20   # memory limit for forms
FORM_DISK_LIMIT = 2 ** 30     # disk limit for forms
FORM_MEMFILE_LIMIT = 2 ** 12  # limit for `BytesIO` -> temporary file switch

but FORM_MEMORY_LIMIT: 1MB seems really too lower

For wendelin ingestion, we got

Traceback (most recent call last):
  File "erp5/component/document/erp5_version.py", line 80, in ingest
    self.REQUEST.form['data_chunk'] = self.REQUEST.get('BODY')
  File "ZPublisher/HTTPRequest.py", line 1058, in get
    v = self.other[key] = self._fs.value
  File "ZPublisher/HTTPRequest.py", line 1371, in __get__
    raise BadRequest("data exceeds memory limit")
zExceptions.BadRequest: data exceeds memory limit

let's make it configurable and change FORM_MEMORY_LIMIT default value to 10MB, there has no change for other value