New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create Event - Image Upload Limits #2228

Open
stevejgordon opened this Issue Jan 15, 2018 · 5 comments

Comments

4 participants
@stevejgordon
Member

stevejgordon commented Jan 15, 2018

When logged in as a site admin, organization admin or campaign manager, the user can create new events in allReady.

As per #2219

Currently there is an image upload option but we do not limit the size of the upload or scale the uploaded image. This may lead to unneccesarily large images being uploaded and affecting page load times.

We should do at least one of the following:

Limit the max dimension on the long edge for the image and/or the filesize
Ideally, scale the image or provide a client side image cropper and resizer before uploading the image.
We should also ensure that we only allow image file types to be uploaded. Currently it seems that any file can be chosen and will upload. This could present a security risk!

@stevejgordon

This comment has been minimized.

Member

stevejgordon commented Jan 15, 2018

Reserved for .NET South East codeathon

@Paul-Hadfield

This comment has been minimized.

Collaborator

Paul-Hadfield commented Jan 20, 2018

I'll take a look at this one.

@Paul-Hadfield

This comment has been minimized.

Collaborator

Paul-Hadfield commented Jan 20, 2018

Regarding last comment, the code base for creating and editing events does restrict down to jpg, png, gif.

screen shot 2018-01-20 at 10 27 08

@Paul-Hadfield

This comment has been minimized.

Collaborator

Paul-Hadfield commented Jan 20, 2018

@stevejgordon Limiting on file size is a quick fix for this one, is there a project standard for where to put these values. Web.config good enough? Allow size to be specified in MB, or KB good enough?

Paul-Hadfield added a commit to Paul-Hadfield/allReady that referenced this issue Jan 20, 2018

Fixing HTBox#2228
Added image validator and injecting into controller.   Code will work without validator (doesn't perform check) and defaults to 1MB if no config value provided

stevejgordon added a commit that referenced this issue Jan 20, 2018

Merge pull request #2261 from Paul-Hadfield/master
Fixing #2228 - no image upload size check for create / edit event

Paul-Hadfield added a commit to Paul-Hadfield/allReady that referenced this issue Jan 20, 2018

Validating max file size
As requested in HTBox#2219, we are now validating that the max file size is below a configurable value.  This is using same code as HTBox#2228.  Will go back and tidy up tests in future, creating / editing events didn't have tests implemented but can use  create/edit campaign as template
@stimms

This comment has been minimized.

Contributor

stimms commented Mar 6, 2018

This also looks like it might be done @stevejgordon and @MisterJames

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment