SECURITY: API: Improve validation in chunked uploading

[lhc/web/wiklou.git] / includes / DefaultSettings.php

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 9eff602..c21301f 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -720,6 +720,14 @@ $wgCopyUploadAsyncTimeout = false;
  */
 $wgMaxUploadSize = 1024 * 1024 * 100; # 100MB
 
+/**
+ * Minimum upload chunk size, in bytes. When using chunked upload, non-final
+ * chunks smaller than this will be rejected. May be reduced based on the
+ * 'upload_max_filesize' or 'post_max_size' PHP settings.
+ * @since 1.26
+ */
+$wgMinUploadChunkSize = 1024; # 1KB
+
 /**
  * Point the upload navigation link to an external URL
  * Useful if you want to use a shared repository by default
@@ -5214,6 +5222,12 @@ $wgRateLimits = array(
                'ip' => null, // for each anon and recent account
                'subnet' => null, // ... within a /24 subnet in IPv4 or /64 in IPv6
        ),
+       'upload' => array(
+               'user' => null,
+               'newbie' => null,
+               'ip' => null,
+               'subnet' => null,
+       ),
        'move' => array(
                'user' => null,
                'newbie' => null,