security: protect against huge file uploads

Bug #412487 reported by Janos Gyerik
Affects: AkibaMap
Status: Fix Released
Importance: High
Assigned to: Janos Gyerik
Milestone:

Bug Description

Currently there is no cap on file upload size. This should be fixed.
The "file too big" error should be printed to users, and logged too.

Changed in akibamap:
assignee: nobody → Janos Gyerik (janos-gyerik)
milestone: proper1 → kickoff
Changed in akibamap:
status: Confirmed → Fix Released
Janos Gyerik (janos-gyerik) wrote:

To properly guard against bad users uploading gigabytes of junk, there is a setting upload_max_filesize. Unfortunately this cannot be set by the website (ini_set), only in php.ini or httpd.conf or .htaccess. I added .htaccess with the setting, but of course this will only work in Apache servers. Adding it to php.ini is not really feasible anyway, because that would become a site-wide setting. (Or not?)

Anyway, this will be less of an issue once proper authentication is in place. Then we can simply deny access to misbehaving users.
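
As an added example (not AkibaMap's code and not part of the comment above), one way to pair the .htaccess cap with an application-side check that shows "file too big" to the user and logs it. The limit values, the `photo` field name and the `check_upload` helper are assumptions for illustration.

```php
<?php
// Added example. The matching server-side cap would live in .htaccess
// (Apache with mod_php only); the values here are assumed:
//   php_value upload_max_filesize 2M
//   php_value post_max_size 3M
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed application cap

// Returns null if the upload is acceptable, otherwise a message for the user.
// Every rejection is also written to the PHP error log.
// In a request: check_upload($_FILES['photo'] ?? null,
//     (int)($_SERVER['CONTENT_LENGTH'] ?? 0), $_SERVER['REMOTE_ADDR']);
function check_upload(?array $file, int $contentLength, string $client): ?string
{
    // A body over post_max_size is discarded by PHP: $_FILES and $_POST
    // arrive empty even though Content-Length was non-zero.
    if ($file === null) {
        if ($contentLength > 0) {
            error_log("upload rejected: $contentLength byte body over post_max_size, client=$client");
            return 'File too big.';
        }
        return 'No file was uploaded.';
    }
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    // INI_SIZE: over upload_max_filesize. FORM_SIZE: over the form's
    // MAX_FILE_SIZE field, which is client-supplied and advisory only.
    if ($err === UPLOAD_ERR_INI_SIZE || $err === UPLOAD_ERR_FORM_SIZE) {
        error_log("upload rejected: PHP size limit hit (error=$err), client=$client");
        return 'File too big.';
    }
    if ($err !== UPLOAD_ERR_OK) {
        error_log("upload failed: error=$err, client=$client");
        return 'Upload failed.';
    }
    // Application cap: still enforced where the .htaccess setting is ignored.
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        error_log("upload rejected: {$file['size']} bytes over app cap, client=$client");
        return 'File too big.';
    }
    return null;
}

// Constructed sample inputs in the shape of $_FILES['photo'] entries.
$samples = [
    'ok'       => [['error' => UPLOAD_ERR_OK, 'size' => 1024], 1500],
    'ini cap'  => [['error' => UPLOAD_ERR_INI_SIZE, 'size' => 0], 1500],
    'app cap'  => [['error' => UPLOAD_ERR_OK, 'size' => 5000000], 5000500],
    'post cap' => [null, 900000000],
];
foreach ($samples as $name => [$file, $len]) {
    echo $name, ': ', check_upload($file, $len, '192.0.2.10') ?? 'accepted', "\n";
}
```

The application-side size check runs only after PHP has already received the file, so it bounds what gets stored rather than what gets transferred; the transfer itself is bounded by the server-level settings.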
