21805a85e551d9688edb34683f955c8a41710e80
jcasper
  Wed Mar 18 22:17:44 2026 -0700
Added a #defined-out version of cgiDecode that's much faster for large cart variables.
Came up once years ago but was never put into practice.  refs #37262

diff --git src/inc/cheapcgi.h src/inc/cheapcgi.h
index 19c5df3b577..f60e578e7ea 100644
--- src/inc/cheapcgi.h
+++ src/inc/cheapcgi.h
@@ -1,30 +1,38 @@
 /* cheapcgi.h - turns variables passed from the web form into
  * something that C understands. 
  * 
  * This file is copyright 2000 Jim Kent, but license is hereby
  * granted for all use - public, private or commercial. */
 
 #ifndef CHEAPCGI_H
 #define CHEAPCGI_H
 
 #include "dystring.h"
 
 #ifndef HASH_H
 #include "hash.h"
 #endif
 
+// #define FAST_CGI_DECODE
+#ifdef FAST_CGI_DECODE
+// 50kB per-variable limit on content length to prevent egregious
+// cart-stuffing, whether intentional or accidental.  5kB limit
+// on variable names for similar reasons.
+#define CGI_VAR_SIZE_LIMIT 50000
+#define CGI_VAR_NAME_LIMIT 5000
+#endif
 
 //============ javascript inline-separation routines ===============
 
 void jsInlineFinish();
 /* finish outputting accumulated inline javascript */
 
 void jsInline(char *javascript);
 /* Add text to output file or memory structure */
 
 void jsInlineF(char *format, ...)
 /* Add javascript text to output file or memory structure */
 #if defined(__GNUC__)
 __attribute__((format(printf, 1, 2)))
 #endif
 ;
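Review bot: `CGI_VAR_SIZE_LIMIT` and `CGI_VAR_NAME_LIMIT` are defined only inside `#ifdef FAST_CGI_DECODE`, and that macro is commented out two lines above, so as far as this hunk shows the default build has no per-variable cap. An input-size limit is a resource-exhaustion control rather than a speed feature, so I would move the two `#define`s above the `#ifdef` and let both decoders enforce the same bound; the decoder in the .c file is not visible here, so confirm the slow path can honor it. The comment should also say whether the 50000 and 5000 count URL-encoded or decoded bytes, and what happens to an oversized variable (dropped, truncated, or the request aborted), for example `// Limits apply to the decoded length; oversized variables are <behavior>.`. For the toggle itself, a build flag (`-DFAST_CGI_DECODE`) documented in a comment is easier to audit than a commented-out `#define` in a widely included header.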