Increased the maximum file size from 16M to 100M and make it configurable

This fixes issue #228

.docker/symfony.conf

@@ -27,7 +27,7 @@
         # Pass the configuration from the docker env to the PHP environment (here you should list all .env options)
         PassEnv APP_ENV APP_DEBUG APP_SECRET
         PassEnv DATABASE_URL
-        PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR
+        PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE
         PassEnv MAILER_DSN ALLOW_EMAIL_PW_RESET EMAIL_SENDER_EMAIL EMAIL_SENDER_NAME
         PassEnv HISTORY_SAVE_CHANGED_FIELDS HISTORY_SAVE_CHANGED_DATA HISTORY_SAVE_REMOVED_DATA
         PassEnv ERROR_PAGE_ADMIN_EMAIL ERROR_PAGE_SHOW_HELP

.env

@@ -31,6 +31,9 @@ INSTANCE_NAME="Part-DB"
 ALLOW_ATTACHMENT_DOWNLOADS=0
 # Use gravatars for user avatars, when user has no own avatar defined
 USE_GRAVATAR=0
+# The maximum allowed size for attachment files in bytes (you can use M for megabytes and G for gigabytes)
+# Please note that the php.ini setting upload_max_filesize also limits the maximum size of uploaded files
+MAX_ATTACHMENT_FILE_SIZE="100M"
 
 ###################################################################################
 # Email settings

config/parameters.yaml

@@ -29,9 +29,10 @@ parameters:
   ######################################################################################################################
   # Attachments and files
   ######################################################################################################################
-  partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%'  # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
-  partdb.attachments.dir.media: 'public/media/'               # The folder where uploaded attachment files are saved (must be in public folder)
-  partdb.attachments.dir.secure: 'uploads/'                   # The folder where secured attachment files are saved (must not be in public/)
+  partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%'    # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
+  partdb.attachments.dir.media: 'public/media/'                                   # The folder where uploaded attachment files are saved (must be in public folder)
+  partdb.attachments.dir.secure: 'uploads/'                                       # The folder where secured attachment files are saved (must not be in public/)
+  partdb.attachments.max_file_size: '%env(string:MAX_ATTACHMENT_FILE_SIZE)%'      # The maximum size of an attachment file (in bytes, you can use M for megabytes and G for gigabytes)
 
   ######################################################################################################################
   # Error pages
@@ -95,7 +96,7 @@ parameters:
   env(INSTANCE_NAME): 'Part-DB'
   env(BASE_CURRENCY): 'EUR'
   env(USE_GRAVATAR): '0'
-  env(ALLOW_ATTACHMENT_DOWNLOADS): 0
+  env(MAX_ATTACHMENT_FILE_SIZE): '100M'
 
   env(ERROR_PAGE_ADMIN_EMAIL): ''
   env(ERROR_PAGE_SHOW_HELP): 1

config/services.yaml

@@ -88,6 +88,7 @@ services:
     App\Form\AttachmentFormType:
         arguments:
             $allow_attachments_downloads: '%partdb.attachments.allow_downloads%'
+            $max_file_size: '%partdb.attachments.max_file_size%'
 
     App\Services\Attachments\AttachmentSubmitHandler:
         arguments:

src/Form/AttachmentFormType.php

@@ -50,13 +50,14 @@ class AttachmentFormType extends AbstractType
     protected AttachmentManager $attachment_helper;
     protected UrlGeneratorInterface $urlGenerator;
     protected bool $allow_attachments_download;
+    protected string $max_file_size;
     protected Security $security;
     protected AttachmentSubmitHandler $submitHandler;
     protected TranslatorInterface $translator;
 
-    public function __construct(AttachmentManager $attachmentHelper,
-                                UrlGeneratorInterface $urlGenerator, Security $security,
-        bool $allow_attachments_downloads, AttachmentSubmitHandler $submitHandler, TranslatorInterface $translator)
+    public function __construct(AttachmentManager $attachmentHelper, UrlGeneratorInterface $urlGenerator,
+        Security $security, AttachmentSubmitHandler $submitHandler, TranslatorInterface $translator,
+        bool $allow_attachments_downloads, string $max_file_size)
     {
         $this->attachment_helper = $attachmentHelper;
         $this->urlGenerator = $urlGenerator;
@@ -64,6 +65,7 @@ class AttachmentFormType extends AbstractType
         $this->security = $security;
         $this->submitHandler = $submitHandler;
         $this->translator = $translator;
+        $this->max_file_size = $max_file_size;
     }
 
     public function buildForm(FormBuilderInterface $builder, array $options): void
@@ -140,8 +142,8 @@ class AttachmentFormType extends AbstractType
             if ($attachment instanceof Attachment && $file instanceof UploadedFile && $attachment->getAttachmentType(
                 ) && !$this->submitHandler->isValidFileExtension($attachment->getAttachmentType(), $file)) {
                 $event->getForm()->get('file')->addError(
-                        new FormError($this->translator->trans('validator.file_ext_not_allowed'))
-                    );
+                    new FormError($this->translator->trans('validator.file_ext_not_allowed'))
+                );
             }
         });
 
@@ -161,7 +163,7 @@ class AttachmentFormType extends AbstractType
     {
         $resolver->setDefaults([
             'data_class' => Attachment::class,
-            'max_file_size' => '16M',
+            'max_file_size' => $this->max_file_size,
             'allow_builtins' => true,
         ]);
     }