mention security feature in body_params description

mojolicious · Mar 3, 2012 · c174391 · c174391
1 parent 365c6eb
commit c174391
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/lib/Mojo/Asset/Memory.pm b/lib/Mojo/Asset/Memory.pm
@@ -117,8 +117,8 @@ automatically upgrade to a L<Mojo::Asset::File> object.
   my $size = $mem->max_memory_size;
   $mem     = $mem->max_memory_size(1024);
 
-Maximum asset size in bytes, only attempt upgrading to a L<Mojo::Asset::File>
-object after reaching this limit, defaults to the value of the
+Maximum size in bytes of data to keep in memory before automatically
+upgrading to a L<Mojo::Asset::File> object, defaults to the value of the
 C<MOJO_MAX_MEMORY_SIZE> environment variable or C<262144>.
 
 =head1 METHODS

diff --git a/lib/Mojo/Message.pm b/lib/Mojo/Message.pm
@@ -622,7 +622,11 @@ Access C<content> data or replace all subscribers of the C<read> event.
 
   my $params = $message->body_params;
 
-C<POST> parameters, usually a L<Mojo::Parameters> object.
+C<POST> parameters extracted from C<x-application-urlencoded>,
+C<application/x-www-form-urlencoded> or C<multipart/form-data> message
+content, usually a L<Mojo::Parameters> object. For security reasons only
+content that does not exceed L<Mojo::Asset::Memory/"max_memory_size"> will be
+parsed.
 
   say $message->body_params->param('foo');