Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix out of memory file upload of 2gb+ files introduced by #14657 SVG xss #17421

Open
wants to merge 2 commits into
base: v13/contrib
Choose a base branch
from

Conversation

TimBoonstra
Copy link

@TimBoonstra TimBoonstra commented Nov 5, 2024

According to the v13 docs you can set the max filesize using maxAllowedContentLength to 4GB, however when you drag/drop a 2gb+ file in the media library it will throw an out of memory error.

This bug was introduced with the security SVG XSS hotfix #14657 by using a MemoryStream which has a max size of 2GB instead of the FileStream which does allow for 4GB files.

Copy link

github-actions bot commented Nov 5, 2024

Hi there @TimBoonstra, thank you for this contribution! 👍

While we wait for one of the Core Collaborators team to have a look at your work, we wanted to let you know about that we have a checklist for some of the things we will consider during review:

  • It's clear what problem this is solving, there's a connected issue or a description of what the changes do and how to test them
  • The automated tests all pass (see "Checks" tab on this PR)
  • The level of security for this contribution is the same or improved
  • The level of performance for this contribution is the same or improved
  • Avoids creating breaking changes; note that behavioral changes might also be perceived as breaking
  • If this is a new feature, Umbraco HQ provided guidance on the implementation beforehand
  • 💡 The contribution looks original and the contributor is presumably allowed to share it

Don't worry if you got something wrong. We like to think of a pull request as the start of a conversation, we're happy to provide guidance on improving your contribution.

If you realize that you might want to make some changes then you can do that by adding new commits to the branch you created for this work and pushing new commits. They should then automatically show up as updates to this pull request.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

@TimBoonstra TimBoonstra changed the title Fix out of memory of 2gb+ (max 4gb) error introduced by #14657 SVG xss Fix out of memory file upload of 2gb+ files introduced by #14657 SVG xss Nov 5, 2024
@mikecp
Copy link
Contributor

mikecp commented Nov 5, 2024

Hello @TimBoonstra,

Thanks for spotting the issue and providing the fix! 👍🤩
A member of the core collaborators team will have a look at it soon.

I see this is your first PR to the Umbraco repository, congratulations 😉 !!
If you have an account on Our.umbraco.com, please mention it here so that we can assign your contributor badge once your PR will be merged 😁

Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants