New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[php:core,VD] disallow extract of uncompressed size larger than option "maxArcFilesSize" #3119

Closed

nao-pon opened this issue Feb 27, 2020 · 0 comments

Assignees

Labels

connector feature

Member

nao-pon commented Feb 27, 2020

Then, change the default value of "maxArcFilesSize" from "0" (no limit) to "2G" (2Gbytes). This is also a defense against Zip Bomb.

$opts = array(
    'roots'  => array(
        array(
            'driver' => 'LocalFileSystem',
            'path'   => '/path/to/files/',
            'URL'    => 'http://localhost/to/files/',
            'maxArcFilesSize' => '500M', // Extract allow max 500MB
        )
    )
);

// run elFinder
$connector = new elFinderConnector(new elFinder($opts));
$connector->run();

nao-pon self-assigned this

nao-pon added connector feature labels

nao-pon closed this as completed in

55a967b

# for free to join this conversation on GitHub. Already have an account? # to comment