[SECURITY] Avoid DoS in Online Media Helper 89/59089/2
authorOliver Hader <oliver@typo3.org>
Tue, 11 Dec 2018 09:55:36 +0000 (10:55 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 11 Dec 2018 09:55:37 +0000 (10:55 +0100)
commit7a5155e0137d01db7e5723849f0493ad5b0c98ac
treeed06b37639cbaa85cfb6749a6a47a902487dc99b
parentb4dd20f31d483f6399e8bcbffcac3e16a2df0d92
[SECURITY] Avoid DoS in Online Media Helper

Using large media files (*.youtube, *.vimeo in the TYPO3 core)
might lead to denial of service scenarios. In order to avoid
that, media files are limited to have a content size of 2048
bytes as a maximum. Usually these files contain just the remote
identifier - thus, ~20 bytes should have been sufficient already.

Resolves: #85381
Releases: master, 8.7, 7.6
Security-Commit: 0e334ba09c9676616598162c0212db931fa38c6e
Security-Bulletin: TYPO3-CORE-SA-2018-011
Change-Id: I50fd11932d9acc9990a92e1a6c9da873d340e619
Reviewed-on: https://review.typo3.org/59089
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Classes/Resource/OnlineMedia/Helpers/AbstractOnlineMediaHelper.php