From fa0cc41f81cef8df216b1fab12d06bcbe615f0f5 Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Thu, 6 Feb 2025 16:33:09 +0100 Subject: [PATCH] Fix #32964 - default value must be very high --- htdocs/core/lib/geturl.lib.php | 2 +- htdocs/webportal/controllers/document.controller.class.php | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/geturl.lib.php b/htdocs/core/lib/geturl.lib.php index c25b095df08..70ba14f40b1 100644 --- a/htdocs/core/lib/geturl.lib.php +++ b/htdocs/core/lib/geturl.lib.php @@ -114,7 +114,7 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation = curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, getDolGlobalInt('MAIN_USE_CONNECT_TIMEOUT', 5)); curl_setopt($ch, CURLOPT_TIMEOUT, getDolGlobalInt('MAIN_USE_RESPONSE_TIMEOUT', 30)); - // limit size of downloaded files. TODO Add MAIN_SECURITY_MAXFILESIZE_DOWNLOADED + // limit size of downloaded files. $maxsize = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED'); if ($maxsize && defined('CURLOPT_MAXFILESIZE_LARGE')) { curl_setopt($ch, CURLOPT_MAXFILESIZE_LARGE, $maxsize); // @phan-suppress-current-line PhanTypeMismatchArgumentNullableInternal diff --git a/htdocs/webportal/controllers/document.controller.class.php b/htdocs/webportal/controllers/document.controller.class.php index 2efd83fd953..6ea2e265d61 100644 --- a/htdocs/webportal/controllers/document.controller.class.php +++ b/htdocs/webportal/controllers/document.controller.class.php @@ -213,9 +213,8 @@ class DocumentController extends Controller } $fileSize = dol_filesize($fullpath_original_file); - $fileSizeMaxDefault = 20 * 1024; // 20 Mo by default - $fileSizeMax = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', $fileSizeMaxDefault); - if ($fileSize > $fileSizeMax) { + $fileSizeMax = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED'); + if ($fileSizeMax && $fileSize > $fileSizeMax) { dol_syslog('ErrorFileSizeTooLarge: ' . $fileSize); print 'ErrorFileSizeTooLarge: ' . $fileSize . ' (max ' . $fileSizeMax . ')'; exit;