Uploaded image for project: 'OpenOLAT'
  1. OpenOLAT
  2. OO-3701

Client side max file size check to prevent temporary unchecked large uploads

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.5.8
    • Fix Version/s: 12.5.13, 13.0.2
    • Component/s: None
    • Labels:
      None

      Description

      When the tomcat <Connector> does not have the "maxPostSize" attribute set, it is possible to upload arbitrary large files (temporarily landing in the tomcat work directory)  as the size is currently only validated by olat after it has been uploaded.

      While it is possible to set this tomcat configuration, it is only possible to configure this once per tomcat instance (its not possible to set this option in olat per request).

      The attached patch solves this issue for us by implementing a client side filesize check. It seems to work for all browsers we where able to test (current versions of Firefox, IE, Edge, Opera, Vivaldi, Safari) and should fall back to the current behavior when the check is not possible in the current browser.

        Attachments

          Activity

            People

            • Assignee:
              srosse Stéphane Rossé
              Reporter:
              d.haag Daniel Haag
              Tester:
              Mandy Menzel
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 15 minutes
                1h 15m