[!!!][TASK] Remove TYPO3 Upload Limit 06/43806/6
authorBenjamin Mack <benni@typo3.org>
Thu, 5 Nov 2015 06:22:16 +0000 (07:22 +0100)
committerBenni Mack <benni@typo3.org>
Thu, 5 Nov 2015 13:29:20 +0000 (14:29 +0100)
TYPO3 has a specific upload limit, that is set to 10MB by default,
but could be lower if PHP settings are not correct.

This patch removes all file upload limit restrictions while keeping
TYPO3 in line with PHP settings as all proper methods are already
used to detect the maximum upload file size.

Resolves: #71110
Releases: master
Change-Id: I74e2e563904a5cfe5c3570e77ece86280761370b
Reviewed-on: https://review.typo3.org/43806
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Stephan GroƟberndt <stephan@grossberndt.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/core/Documentation/Changelog/master/Breaking-71110-TYPO3-specificUploadLimitRemoved.rst [new file with mode: 0644]
typo3/sysext/frontend/Configuration/TCA/fe_users.php
typo3/sysext/impexp/Tests/Functional/Fixtures/Extensions/impexp_group_files/Configuration/TCA/tx_impexpgroupfiles_item.php
typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
typo3/sysext/install/Classes/SystemEnvironment/Check.php

index a88f70a..d24bc28 100755 (executable)
@@ -3153,18 +3153,12 @@ Connection: close
     /**
      * Returns the maximum upload size for a file that is allowed. Measured in KB.
      * This might be handy to find out the real upload limit that is possible for this
-     * TYPO3 installation. The first parameter can be used to set something that overrides
-     * the maxFileSize, usually for the TCA values.
+     * TYPO3 installation.
      *
-     * @param int $localLimit the number of Kilobytes (!) that should be used as
      * @return int The maximum size of uploads that are allowed (measured in kilobytes)
      */
-    public static function getMaxUploadFileSize($localLimit = 0)
+    public static function getMaxUploadFileSize()
     {
-        // Don't allow more than the global max file size at all
-        $t3Limit = (int)($localLimit > 0 ? $localLimit : $GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize']);
-        // As TYPO3 is handling the file size in KB, multiply by 1024 to get bytes
-        $t3Limit = $t3Limit * 1024;
         // Check for PHP restrictions of the maximum size of one of the $_FILES
         $phpUploadLimit = self::getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
         // Check for PHP restrictions of the maximum $_POST size
@@ -3172,8 +3166,7 @@ Connection: close
         // If the total amount of post data is smaller (!) than the upload_max_filesize directive,
         // then this is the real limit in PHP
         $phpUploadLimit = $phpPostLimit > 0 && $phpPostLimit < $phpUploadLimit ? $phpPostLimit : $phpUploadLimit;
-        // Is the allowed PHP limit (upload_max_filesize) lower than the TYPO3 limit?, also: revert back to KB
-        return floor(($phpUploadLimit < $t3Limit ? $phpUploadLimit : $t3Limit)) / 1024;
+        return floor(($phpUploadLimit)) / 1024;
     }
 
     /**
index ee8f197..9dd856c 100644 (file)
@@ -724,7 +724,6 @@ return array(
         'adminOnly' => 0,                                // <p>Integer (-1, 0, 1, 2)</p><dl><dt>-1</dt><dd>total shutdown for maintenance purposes</dd><dt>0</dt><dd>normal operation, everyone can login (default)</dd><dt>1</dt><dd>only admins can login</dd><dt>2</dt><dd>only admins and regular CLI users can login</dd></dl>
         'disable_exec_function' => false,                // Boolean: Don't use exec() function (except for ImageMagick which is disabled by <a href="#GFX-im">[GFX][im]</a>=0). If set, all fileoperations are done by the default PHP-functions. This is necessary under Windows! On Unix the system commands by exec() can be used, unless this is disabled.
         'compressionLevel' => 0,                        // Determines output compression of BE output. Makes output smaller but slows down the page generation depending on the compression level. Requires a) zlib in your PHP installation and b) special rewrite rules for .css.gzip and .js.gzip (please see _.htacces for an example). Range 1-9, where 1 is least compression and 9 is greatest compression. 'true' as value will set the compression based on the PHP default settings (usually 5). Suggested and most optimal value is 5.
-        'maxFileSize' => '10240',                        // Integer: If set this is the max filesize in KB's for file operations in the backend. Can be overridden through $TCA per table field separately.
         'installToolPassword' => '',                    // String: This is the md5-hashed, salted password for the Install Tool. Set this to '' and access will be totally denied. You may consider to externally protect the typo3/sysext/install/ folder, eg. with a .htaccess file.
         'pageTree' => array(
             'preloadLimit' => 50
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-71110-TYPO3-specificUploadLimitRemoved.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-71110-TYPO3-specificUploadLimitRemoved.rst
new file mode 100644 (file)
index 0000000..3e71ed8
--- /dev/null
@@ -0,0 +1,18 @@
+======================================================
+Breaking: #71110 - TYPO3-specific Upload Limit removed
+======================================================
+
+Description
+===========
+
+TYPO3 has a specific upload limit setting, that is set to 10MB by default, to manually limit down the PHP-specific
+setting ``max_upload_limit``. If configured wrongly the PHP limit was lower than the TYPO3-specific limit.
+
+The TYPO3 setting ``$TYPO3_CONF_VARS['BE']['maxFileSize']`` is removed and the PHP-internal limit is now the
+upper barrier.
+
+
+Impact
+======
+
+Setting the option mentioned above has no effect anymore. The PHP limit is used instead.
\ No newline at end of file
index 5a89c69..9d79004 100644 (file)
@@ -214,7 +214,6 @@ return array(
                 'type' => 'group',
                 'internal_type' => 'file',
                 'allowed' => $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'],
-                'max_size' => $GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize'],
                 'uploadfolder' => 'uploads/pics',
                 'show_thumbs' => '1',
                 'size' => '3',
index 513bbeb..fe62db0 100644 (file)
@@ -102,7 +102,6 @@ return array(
                 'internal_type' => 'file',
                 'allowed' => $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'],
                 'disallowed' => 'php',
-                'max_size' => $GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize'],
                 'uploadfolder' => 'uploads/tx_impexpgroupfiles',
                 'size' => 5,
                 'maxitems' => 5,
@@ -117,7 +116,6 @@ return array(
                 'internal_type' => 'file_reference',
                 'allowed' => $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'],
                 'disallowed' => 'php',
-                'max_size' => $GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize'],
                 'size' => 5,
                 'maxitems' => 5,
                 'show_thumbs' => 1,
@@ -168,7 +166,6 @@ return array(
                                                                                                                <internal_type>file</internal_type>
                                                                                                                <allowed>' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'] . '</allowed>
                                                                                                                <disallowed>php</disallowed>
-                                                                                                               <max_size>' . $GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize'] . '</max_size>
                                                                                                                <uploadfolder>uploads/tx_impexpgroupfiles</uploadfolder>
                                                                                                                <size>5</size>
                                                                                                                <maxitems>5</maxitems>
@@ -184,7 +181,6 @@ return array(
                                                                                                                <internal_type>file_reference</internal_type>
                                                                                                                <allowed>' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'] . '</allowed>
                                                                                                                <disallowed>php</disallowed>
-                                                                                                               <max_size>' . $GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize'] . '</max_size>
                                                                                                                <uploadfolder>uploads/tx_impexpgroupfiles</uploadfolder>
                                                                                                                <size>5</size>
                                                                                                                <maxitems>5</maxitems>
index fc90846..35e4e2d 100644 (file)
@@ -100,6 +100,8 @@ class SilentConfigurationUpgradeService
         'SYS/serverTimeZone',
         // #70138
         'BE/flexFormXMLincludeDiffBase',
+        // #71110
+        'BE/maxFileSize',
     );
 
     /**
index 9df4087..9a691f9 100644 (file)
@@ -79,7 +79,6 @@ class Check
         $statusArray[] = $this->checkCurrentDirectoryIsInIncludePath();
         $statusArray[] = $this->checkTrustedHostPattern();
         $statusArray[] = $this->checkFileUploadEnabled();
-        $statusArray[] = $this->checkMaximumFileUploadSize();
         $statusArray[] = $this->checkPostUploadSizeIsHigherOrEqualMaximumFileUploadSize();
         $statusArray[] = $this->checkMemorySettings();
         $statusArray[] = $this->checkPhpVersion();
@@ -202,32 +201,6 @@ class Check
     }
 
     /**
-     * Check maximum file upload size against default value of 10MB
-     *
-     * @return Status\StatusInterface
-     */
-    protected function checkMaximumFileUploadSize()
-    {
-        $maximumUploadFilesize = $this->getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
-        $configuredMaximumUploadFilesize = 1024 * (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize'];
-        if ($maximumUploadFilesize < $configuredMaximumUploadFilesize) {
-            $status = new Status\ErrorStatus();
-            $status->setTitle('PHP Maximum upload filesize too small');
-            $status->setMessage(
-                'PHP upload_max_filesize = ' . (int)($maximumUploadFilesize / 1024) . ' KB' . LF .
-                'TYPO3_CONF_VARS[BE][maxFileSize] = ' . (int)($configuredMaximumUploadFilesize / 1024) . ' KB' . LF . LF .
-                'Currently PHP determines the limits for uploaded file\'s sizes and not TYPO3.' .
-                ' It is recommended that the value of upload_max_filesize is at least equal to the value' .
-                ' of TYPO3_CONF_VARS[BE][maxFileSize].'
-            );
-        } else {
-            $status = new Status\OkStatus();
-            $status->setTitle('PHP Maximum file upload size is higher than or equal to [BE][maxFileSize]');
-        }
-        return $status;
-    }
-
-    /**
      * Check maximum post upload size correlates with maximum file upload
      *
      * @return Status\StatusInterface