From 6fa5efc4cad9c0ca299796e32a6e1dc5f005af8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Thu, 2 Mar 2023 23:08:14 +0100
Subject: [PATCH] Increased the maximum file size from 16M to 100M and make it configurable

This fixes issue #228
---
 .docker/symfony.conf | 2 +-
 .env | 3 +++
 config/parameters.yaml | 9 +++++----
 config/services.yaml | 1 +
 src/Form/AttachmentFormType.php | 14 ++++++++------
 5 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/.docker/symfony.conf b/.docker/symfony.conf
index 01aa91f0..46c4727a 100644
--- a/.docker/symfony.conf
+++ b/.docker/symfony.conf
@@ -27,7 +27,7 @@
 # Pass the configuration from the docker env to the PHP environment (here you should list all .env options)
 PassEnv APP_ENV APP_DEBUG APP_SECRET
 PassEnv DATABASE_URL
- PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR
+ PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE
 PassEnv MAILER_DSN ALLOW_EMAIL_PW_RESET EMAIL_SENDER_EMAIL EMAIL_SENDER_NAME
 PassEnv HISTORY_SAVE_CHANGED_FIELDS HISTORY_SAVE_CHANGED_DATA HISTORY_SAVE_REMOVED_DATA
 PassEnv ERROR_PAGE_ADMIN_EMAIL ERROR_PAGE_SHOW_HELP
diff --git a/.env b/.env
index 0e8adff6..fe31e3b1 100644
--- a/.env
+++ b/.env
@@ -31,6 +31,9 @@ INSTANCE_NAME="Part-DB"
 ALLOW_ATTACHMENT_DOWNLOADS=0
 # Use gravatars for user avatars, when user has no own avatar defined
 USE_GRAVATAR=0
+# The maximum allowed size for attachment files in bytes (you can use M for megabytes and G for gigabytes)
+# Please note that the php.ini setting upload_max_filesize also limits the maximum size of uploaded files
+MAX_ATTACHMENT_FILE_SIZE="100M"

 ###################################################################################
 # Email settings
diff --git a/config/parameters.yaml b/config/parameters.yaml
index ec80e939..2e1853c4 100644
--- a/config/parameters.yaml
+++ b/config/parameters.yaml
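Review bot: The comment added above `MAX_ATTACHMENT_FILE_SIZE` in the `.env` hunk names only `upload_max_filesize`, but PHP's `post_max_size` and any request-body limit of the web server cap an upload as well. When a request exceeds `post_max_size`, PHP drops the body and leaves `$_POST` and `$_FILES` empty, so the application never sees the file and cannot report a size error to the user. I would extend the second comment line to `# Please note that the php.ini settings upload_max_filesize and post_max_size (and any body size limit of the web server) also limit the maximum size of uploaded files`. With the default rising from 16M to 100M, those outer limits are also what bounds how much data a single request can make the server buffer, so they deserve a deliberate value.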
@@ -29,9 +29,10 @@ parameters:
 ######################################################################################################################
 # Attachments and files
 ######################################################################################################################
- partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%' # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
- partdb.attachments.dir.media: 'public/media/' # The folder where uploaded attachment files are saved (must be in public folder)
- partdb.attachments.dir.secure: 'uploads/' # The folder where secured attachment files are saved (must not be in public/)
+ partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%' # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
+ partdb.attachments.dir.media: 'public/media/' # The folder where uploaded attachment files are saved (must be in public folder)
+ partdb.attachments.dir.secure: 'uploads/' # The folder where secured attachment files are saved (must not be in public/)
+ partdb.attachments.max_file_size: '%env(string:MAX_ATTACHMENT_FILE_SIZE)%' # The maximum size of an attachment file (in bytes, you can use M for megabytes and G for gigabytes)

 ######################################################################################################################
 # Error pages
@@ -95,7 +96,7 @@ parameters:
 env(INSTANCE_NAME): 'Part-DB'
 env(BASE_CURRENCY): 'EUR'
 env(USE_GRAVATAR): '0'
- env(ALLOW_ATTACHMENT_DOWNLOADS): 0
+ env(MAX_ATTACHMENT_FILE_SIZE): '100M'
 env(ERROR_PAGE_ADMIN_EMAIL): ''
 env(ERROR_PAGE_SHOW_HELP): 1

diff --git a/config/services.yaml b/config/services.yaml
index f2200115..54da499a 100644
--- a/config/services.yaml
+++ b/config/services.yaml
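Review bot: In the `@@ -95,7 +96,7 @@` hunk the fallback `env(ALLOW_ATTACHMENT_DOWNLOADS): 0` is removed on the very line where `env(MAX_ATTACHMENT_FILE_SIZE): '100M'` is added, which looks like an accidental replacement rather than an addition. `partdb.attachments.allow_downloads` still reads `%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%` in the first hunk, so without the fallback Symfony raises an env-not-found error whenever the variable is missing from both the process environment and the loaded `.env` files. That fails closed, but this flag guards a feature the file itself warns can reach intranet resources, so the explicit safe default is worth keeping: restore `env(ALLOW_ATTACHMENT_DOWNLOADS): 0` next to the new line. If the removal is intended, the commit message should say so.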
@@ -88,6 +88,7 @@ services:
 App\Form\AttachmentFormType:
 arguments:
 $allow_attachments_downloads: '%partdb.attachments.allow_downloads%'
+ $max_file_size: '%partdb.attachments.max_file_size%'

 App\Services\Attachments\AttachmentSubmitHandler:
 arguments:
diff --git a/src/Form/AttachmentFormType.php b/src/Form/AttachmentFormType.php
index ad1c53a9..dc23fea2 100644
--- a/src/Form/AttachmentFormType.php
+++ b/src/Form/AttachmentFormType.php
@@ -50,13 +50,14 @@ class AttachmentFormType extends AbstractType
 protected AttachmentManager $attachment_helper;
 protected UrlGeneratorInterface $urlGenerator;
 protected bool $allow_attachments_download;
+ protected string $max_file_size;
 protected Security $security;
 protected AttachmentSubmitHandler $submitHandler;
 protected TranslatorInterface $translator;

- public function __construct(AttachmentManager $attachmentHelper,
- UrlGeneratorInterface $urlGenerator, Security $security,
- bool $allow_attachments_downloads, AttachmentSubmitHandler $submitHandler, TranslatorInterface $translator)
+ public function __construct(AttachmentManager $attachmentHelper, UrlGeneratorInterface $urlGenerator,
+ Security $security, AttachmentSubmitHandler $submitHandler, TranslatorInterface $translator,
+ bool $allow_attachments_downloads, string $max_file_size)
 {
 $this->attachment_helper = $attachmentHelper;
 $this->urlGenerator = $urlGenerator;
@@ -64,6 +65,7 @@ class AttachmentFormType extends AbstractType
 $this->security = $security;
 $this->submitHandler = $submitHandler;
 $this->translator = $translator;
+ $this->max_file_size = $max_file_size;
 }

 public function buildForm(FormBuilderInterface $builder, array $options): void
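Review bot: `$max_file_size` is stored in the constructor without any format check (hunks `@@ -50,13 +50,14 @@` and `@@ -64,6 +65,7 @@`), although it now comes from the operator-editable `MAX_ATTACHMENT_FILE_SIZE` and acts as the upload limit. A mistyped value would only surface wherever the option is consumed, which is outside this patch, so I would fail fast here with something like `if (!preg_match('/^\d+[A-Za-z]{0,2}$/', $max_file_size)) { throw new \InvalidArgumentException('Invalid MAX_ATTACHMENT_FILE_SIZE value'); }`, tightening the suffix list to what the consuming validator accepts. The constructor's parameter order also changes; the scalars are bound by name in `config/services.yaml`, but any positional instantiation elsewhere (not visible here) would need the same reordering.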
@@ -140,8 +142,8 @@ class AttachmentFormType extends AbstractType
 if ($attachment instanceof Attachment && $file instanceof UploadedFile && $attachment->getAttachmentType(
 ) && !$this->submitHandler->isValidFileExtension($attachment->getAttachmentType(), $file)) {
 $event->getForm()->get('file')->addError(
- new FormError($this->translator->trans('validator.file_ext_not_allowed'))
- );
+ new FormError($this->translator->trans('validator.file_ext_not_allowed'))
+ );
 }
 });

@@ -161,7 +163,7 @@ class AttachmentFormType extends AbstractType
 {
 $resolver->setDefaults([
 'data_class' => Attachment::class,
- 'max_file_size' => '16M',
+ 'max_file_size' => $this->max_file_size,
 'allow_builtins' => true,
 ]);
 }
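Review bot: In the `@@ -161,7 +163,7 @@` hunk the configured value becomes only the default of the `max_file_size` form option, so it is a default and not a ceiling: a form that passes its own `max_file_size` overrides the operator's `MAX_ATTACHMENT_FILE_SIZE`, and the patch does not show whether any caller does. A short comment on the changed line would make that explicit, e.g. `// Default only; a form passing its own 'max_file_size' overrides the configured limit`. In `config/services.yaml` the new parameter is bound to `App\Form\AttachmentFormType` alone, so it is worth confirming that files fetched through the attachment download feature are bounded by a comparable limit, since that path is not part of this patch. The enclosing class continues outside the hunk.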