Craft CMS security scans: upload of over-the-limit file hangs the system; should it throw exception/error? #5278

Open
mikefats opened this issue Nov 28, 2019 · 2 comments

@mikefats mikefats commented Nov 28, 2019

Description

We are putting our new Craft CMS 3.2 install (dev environment) through some security scan paces, including uploads of 500Mb files. We'd expect to throw an exception message/error page on an over-the-limit file, but it is not doing that currently (it simply hangs).

When we run these scans against other CMS applications, when the upload is attempted, an error is thrown by the web server and the underlying CMS applications continue to function as they should as do the actual scans. This is not the case when it comes to Craft.

To pass the security scan, we'd like Craft to throw an error, not just 'hang.'

If Craft is hanging or timing out while you’re uploading a large file, or if you get the error message “The uploaded file is empty”, you’re probably running into a limitation imposed by your server’s configuration. https://craftcms.com/guides/troubleshooting-unsuccessful-file-uploads

Our PHP Info:
memory_limit 512M;
upload_max_filesize 256M

Steps to reproduce

  1. upload a 500Mb file
  2. Craft CMS 'hangs'

Additional info

  • Craft version: 3.3.15
  • PHP version: 7.2.19
  • Database driver & version: MySQL 5.7.27
  • Plugins & versions:
    Element API | 2.6.0
    Field Manager | 2.1.0
    Redactor | 2.4.0

@brandonkelly brandonkelly commented Nov 29, 2019

Go to Utilities → PHP Info. What is your upload_max_filesize setting set to?


@mikefats mikefats commented Nov 29, 2019

upload_max_filesize is set to 256M
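
An added example (not part of the thread and not Craft CMS code) of the behaviour the report asks for: PHP signals an over-limit upload either by discarding the body when it exceeds `post_max_size` or by setting `UPLOAD_ERR_INI_SIZE` on the file, and a handler can turn both into an explicit 413 response. The function names and the `post_max_size` value of 512M are assumptions; the 256M limit and the 500 MB upload come from the report.

```php
<?php
// Added example; function names are hypothetical, not Craft CMS APIs.

/** Convert a php.ini shorthand size ("256M", "1G", "8192") to bytes. */
function iniSizeToBytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;                       // leading digits, e.g. 256
    switch (strtolower(substr($value, -1))) {     // optional K/M/G suffix
        case 'g': $number *= 1024;                // fall through
        case 'm': $number *= 1024;                // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

/**
 * Decide how to answer an upload request.
 * Returns [HTTP status, message]; 200 means the upload may be processed.
 */
function classifyUpload(array $server, array $files, string $postMax, string $uploadMax): array
{
    $length  = (int) ($server['CONTENT_LENGTH'] ?? 0);
    $postCap = iniSizeToBytes($postMax);          // 0 means "no limit" in PHP

    // PHP discards a body larger than post_max_size, leaving $_POST and $_FILES empty.
    if ($postCap > 0 && $length > $postCap) {
        return [413, "Request body of $length bytes exceeds post_max_size ($postMax)"];
    }
    foreach ($files as $field => $file) {
        // Multi-file fields (where 'error' is an array) are not handled here.
        if (($file['error'] ?? UPLOAD_ERR_OK) === UPLOAD_ERR_INI_SIZE) {
            return [413, "File in '$field' exceeds upload_max_filesize ($uploadMax)"];
        }
    }
    return [200, 'OK'];
}

// Constructed sample: the 500 MB upload from the report against the 256M limit.
$server = ['CONTENT_LENGTH' => (string) (500 * 1024 * 1024)];
$files  = ['upload' => ['name' => 'big.bin', 'size' => 0, 'error' => UPLOAD_ERR_INI_SIZE]];
[$status, $message] = classifyUpload($server, $files, '512M', '256M'); // post_max_size assumed
echo $status, ' ', $message, PHP_EOL;
```

In a live handler the arguments would be `$_SERVER`, `$_FILES`, `ini_get('post_max_size')` and `ini_get('upload_max_filesize')`. The check only runs if the web server hands the request to PHP at all.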
