dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: API: Improve validation in chunked uploading
[lhc/web/wiklou.git] / includes / Setup.php
diff --git a/includes/Setup.php b/includes/Setup.php
index 67c99c9..fbfef1f 100644 (file)
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -373,6 +373,15 @@ if ( $wgResourceLoaderMaxQueryLength === false ) {
        unset( $suhosinMaxValueLength );
 }
 
+// Ensure the minimum chunk size is less than PHP upload limits or the maximum
+// upload size.
+$wgMinUploadChunkSize = min(
+       $wgMinUploadChunkSize,
+       $wgMaxUploadSize,
+       wfShorthandToInteger( ini_get( 'upload_max_filesize' ), 1e100 ),
+       wfShorthandToInteger( ini_get( 'post_max_size' ), 1e100 ) - 1024 # Leave room for other parameters
+);
+
 /**
  * Definitions of the NS_ constants are in Defines.php
  * @private
Wiklou, le Wiki du Wiklou