Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve file size limits #356

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Improve file size limits #356

wants to merge 3 commits into from

Conversation

hannesbraun
Copy link
Contributor

@hannesbraun hannesbraun commented Nov 14, 2022
edited
Loading

This allows submitting a zip file larger than 1 MB. Until now, there was a hard-coded limitation of 1 MB in the size of the sum of the file sizes in an uploaded zip file. The goal was to prevent accepting zip bombs. However, this limit can sometimes be exceeded when the zip file contains images or PDF files. To keep things simple, using the same limit as for the maximum file size is probably fine, in my opinion, and serves the purpose.

Additionally, I fixed the following:

  • The unit displayed for max_file_size was technically incorrect. As we're multiplying by 1024, the correct unit is kibibyte.
  • The error message for exceeding the maximum file size contained an error itself. The format character was missing and there was a typo in the word "supported".

Again: the tests don't pass because I didn't merge #348 into this branch.

@hannesbraun
Fix unit of max_file_size
092d72f
@hannesbraun
Make zip size limit configurable through max_file_size
6c0e900 
The parameter max_file_size now also controls the maximum size of the sum of file sizes in an uploaded zip file. This allows uploading zip files larger than 1 MB (if configured).
@hannesbraun
Fix error message for exceeding max_file_size
3a1a6ad
@ifrh ifrh mentioned this pull request Dec 31, 2022
Open
ifrh
ifrh reviewed Dec 31, 2022
View reviewed changes
src/solutions/forms.py
@@ -47,7 +47,8 @@ def clean_file(self):
zip = zipfile.ZipFile(data)
if zip.testzip():
raise forms.ValidationError(_('The zip file seems to be corrupt.'))
if sum(fileinfo.file_size for fileinfo in zip.infolist()) > 1000000:
if sum(fileinfo.file_size for fileinfo in zip.infolist()) > max_file_size:
Copy link
Contributor

@ifrh ifrh Dec 31, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better fix is:
if sum(fileinfo.file_size for fileinfo in zip.infolist()) > (max_file_size * len(zip.infolist())):

@ifrh ifrh mentioned this pull request Jan 3, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ifrh ifrh ifrh left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hannesbraun @ifrh