NEW Option MAIN_SECURITY_MAXFILESIZE_DOWNLOADED become official

htdocs/admin/security_file.php

@@ -105,7 +105,10 @@ if ($action == 'updateform') {
 		$res5 = dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim($antivircommand), 'chaine', 0, '', $conf->entity);
 		$res6 = dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim($antivirparam), 'chaine', 0, '', $conf->entity);
 		$res7 = dolibarr_set_const($db, "MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION", GETPOST('MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION', 'alpha'), 'chaine', 0, '', $conf->entity);
-		if ($res3 && $res4 && $res5 && $res6 && $res7) {
+
+		$res8 = dolibarr_set_const($db, "MAIN_SECURITY_MAXFILESIZE_DOWNLOADED", GETPOST('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', 'alpha'), 'chaine', 0, '', $conf->entity);
+
+		if ($res3 && $res4 && $res5 && $res6 && $res7 && $res8) {
 			setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
 		}
 	}
@@ -152,7 +155,7 @@ print '<br>';
 print '<div class="div-table-responsive-no-min">';
 print '<table class="noborder centpercent nomarginbottom">';
 print '<tr class="liste_titre">';
-print '<td>'.$langs->trans("Parameters").'</td>';
+print '<td>'.$langs->trans("Upload").'</td>';
 print '<td></td>';
 print '</tr>';
 
@@ -230,6 +233,34 @@ print '</tr>';
 print '</table>';
 print '</div>';
 
+
+print '<br>';
+
+
+// Download options
+
+print '<div class="div-table-responsive-no-min">';
+print '<table class="noborder centpercent nomarginbottom">';
+print '<tr class="liste_titre">';
+print '<td>'.$langs->trans("Download").'</td>';
+print '<td></td>';
+print '</tr>';
+
+print '<tr class="oddeven">';
+print '<td>'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'<br>';
+//print '<span class="opacitymedium">'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'</span>';
+print '</td>';
+print '<td>';
+print '<input type="text" name="MAIN_SECURITY_MAXFILESIZE_DOWNLOADED" class="width100 right" spellcheck="false" value="'.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED').'"> '.$langs->trans("Kb");
+print "</td>";
+print '</tr>';
+
+print '</table>';
+print '</div>';
+
+
+
+
 print dol_get_fiche_end();
 
 print $form->buttonsSaveCancel("Modify", '');

htdocs/admin/system/security.php

@@ -544,6 +544,10 @@ print '<br>';
 print '<br>';
 
 
+print '<strong>'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'</strong> = '.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': < 100000)</span>')."<br>";
+print '<br>';
+
+
 
 $securityevent = new Events($db);
 $eventstolog = $securityevent->eventstolog;
@@ -835,9 +839,6 @@ if ($execmethod == 2) {
 print '<br>';
 print '<br>';
 
-print '<strong>MAIN_SECURITY_MAXFILESIZE_DOWNLOADED</strong> = '.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 100000000)</span>')."<br>";
-print '<br>';
-
 print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML') ? '1' : '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
 print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1 - does not work on HTML5 with some old libxml libs)</span>";
 

htdocs/core/lib/admin.lib.php

@@ -857,7 +857,7 @@ function ihm_prepare_head()
  */
 function security_prepare_head()
 {
-	global $db, $langs, $conf, $user;
+	global $db, $langs, $conf;
 	$h = 0;
 	$head = array();
 
@@ -877,7 +877,7 @@ function security_prepare_head()
 	$h++;
 
 	$head[$h][0] = DOL_URL_ROOT."/admin/security_file.php";
-	$head[$h][1] = $langs->trans("Files").' ('.$langs->trans("Upload").')';
+	$head[$h][1] = $langs->trans("Files").' ('.$langs->trans("UploadName").' | '.$langs->trans("Download").')';
 	$head[$h][2] = 'file';
 	$h++;
 

htdocs/core/lib/geturl.lib.php

@@ -123,10 +123,10 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
 	// limit size of downloaded files.
 	$maxsize = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED');
 	if ($maxsize && defined('CURLOPT_MAXFILESIZE_LARGE')) {
-		curl_setopt($ch, CURLOPT_MAXFILESIZE_LARGE, $maxsize);  // @phan-suppress-current-line PhanTypeMismatchArgumentNullableInternal
+		curl_setopt($ch, CURLOPT_MAXFILESIZE_LARGE, $maxsize * 1024);  // @phan-suppress-current-line PhanTypeMismatchArgumentNullableInternal
 	}
 	if ($maxsize && defined('CURLOPT_MAXFILESIZE')) {
-		curl_setopt($ch, CURLOPT_MAXFILESIZE, $maxsize);
+		curl_setopt($ch, CURLOPT_MAXFILESIZE, $maxsize * 1024);
 	}
 
 	//curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);	// PHP 5.5

htdocs/langs/en_US/admin.lang

@@ -2655,3 +2655,5 @@ Blocking=Blocking
 NoBlocking=No blocking
 MULTICURRENCY_APP_ENDPOINT=API endpoint URL to get live multicurrencies from a source currency
 NoWebsite=No website
+UploadName=Upload
+MAIN_SECURITY_MAXFILESIZE_DOWNLOADED=Max size of downloaded files

htdocs/webportal/controllers/document.controller.class.php

@@ -216,7 +216,7 @@ class DocumentController extends Controller
 		$fileSizeMax = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED');
 		if ($fileSizeMax && $fileSize > $fileSizeMax) {
 			dol_syslog('ErrorFileSizeTooLarge: ' . $fileSize);
-			print 'ErrorFileSizeTooLarge: ' . $fileSize . ' (max ' . $fileSizeMax . ')';
+			print 'ErrorFileSizeTooLarge: ' . $fileSize . ' (max ' . $fileSizeMax . ' Kb)';
 			exit;
 		}