[SECURITY] Avoid DoS in Online Media Helper
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Resource / OnlineMedia / Helpers / AbstractOnlineMediaHelper.php
index 68e835c..61fbd9d 100644 (file)
@@ -59,6 +59,10 @@ abstract class AbstractOnlineMediaHelper implements OnlineMediaHelperInterface
     public function getOnlineMediaId(File $file)
     {
         if (!isset($this->onlineMediaIdCache[$file->getUid()])) {
+            // Limiting media identifier to 2048 bytes
+            if ($file->getSize() > 2048) {
+                return '';
+            }
             // By definition these files only contain the ID of the remote media source
             $this->onlineMediaIdCache[$file->getUid()] = trim($file->getContents());
         }