-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[#1112] Allow to limit the size of whole request or the size of one uploaded file in a request #1110
Conversation
@xael-fry This is definitely good PR. I suggest to merge it ASAP. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update the documentation with the new parameters?
224e374
to
195c9cd
Compare
@xael-fry We have updated the documentation.
Without that, it's possible that hacker can upload 100TB file to server. |
@@ -612,12 +612,12 @@ public void setHeaders(FileItemHeaders pHeaders) { | |||
* The maximum size permitted for the complete request, as opposed to | |||
* {@link #fileSizeMax}. A value of -1 indicates no maximum. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fileSizeMax no longer exist as you rename it
…ze of one uploaded file in a request. The configuration parameters are: 'upload.sizeMax' and 'upload.fileSizeMax'. The defaults stay the same -1 which means 'unlimited'.
@xael-fry Fixed parameter name in javadoc, thank you. What about setting default values to something reasonable? |
@asolntsev I don't think we should define default value here, some user handle request size limit with a a front apache server, so setting new value may cause conflict when upgrading |
…file in a request.
The configuration parameters are: 'upload.sizeMax' and 'upload.fileSizeMax'.
The defaults stay the same -1 which means 'unlimited'.