[
https://issues.apache.org/jira/browse/JSPWIKI-618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Harry Metske updated JSPWIKI-618:
---------------------------------
Priority: Minor (was: Major)
Affects Version/s: 3.0
2.8.4
2.8.3
Fix Version/s: 3.0
2.8.4
Assignee: Harry Metske
Issue Type: Bug (was: Improvement)
The funny thing is that there was already an attempt in the code to make this
happen :
{code:java}
if( !context.hasAdminPermissions() )
{
if( contentLength > m_maxSize )
{
// FIXME: Does not delete the received files.
throw new RedirectException( "File exceeds maximum size
("+m_maxSize+" bytes)",
errorPage );
}
if( !isTypeAllowed(filename) )
{
throw new RedirectException( "Files of this type may not be
uploaded to this wiki",
errorPage );
}
}
{code}
Unfortunately a few lines from there we do an unconditional
ServletFileUpload.setFileSizeMax( m_maxSize ) which kills the whole story.
I'll fix this.
> Allow Administrators to override attachment.maxsize
> ---------------------------------------------------
>
> Key: JSPWIKI-618
> URL: https://issues.apache.org/jira/browse/JSPWIKI-618
> Project: JSPWiki
> Issue Type: Bug
> Components: Core & storage
> Affects Versions: 2.8.3, 2.8.4, 3.0
> Reporter: Jürgen Weber
> Assignee: Harry Metske
> Priority: Minor
> Fix For: 2.8.4, 3.0
>
>
> I think limiting attachment sizes is a good thing.
> But Administrators should be able to override it, i.e. be able to upload
> bigger attachments than attachment.maxsize.
> Workaround: temporarily remove attachment.maxsize
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
