Fix clobbering of the upload size validation

[nfauchelle]

Affected Version

4.8

Description

yml config for the max size of uploads is getting over-written by a single '*' rule which is done in.

src/Forms/UploadReceiver.php -> constructUploadReceiver() method.

We simply need to remove the comment and 3 lines that set the size from that method.

If you review SilverStripe\Assets\Upload_Validator and check the getAllowedMaxFileSize method, you'll see the sizing will be populated (if it hasn't been done before).

yml config expected to work.

SilverStripe\Assets\Upload_Validator:
  default_max_file_size:
    '[image]': '2m'
    '*' : '1m'

Steps to Reproduce

• Setup a new SilverStripe site.
• Add the config above to the yml file.
• Set your PHP to allow max post / max upload size of 10mb.
• Add the above config to your sites yml file and flush.
• In the CMS you'll be able to upload a 5MB file, when you shouldn't.

When you define max sizing in the yml file, it gets over-ridden with the CMS UploadField.

Here is the change here, nfauchelle@564ecbc
I don't have permission to submit a pull request.

PRs

• Fix clobbering of the upload size validation #10059
• Ensure the setAllowedMaxFileSize wont allow config values to exceed PHP limits  silverstripe-assets#469
• ENH Let AssetAdmin default to Upload_Validator default upload limits silverstripe-asset-admin#1430
• DOC Document changes to asset admin file size config developer-docs#430

[michalkleiner]

@nfauchelle thanks for reporting and the reproduction steps.

With PRs, generally, you'd fork the framework repo, fix the issue in a new branch off the latest minor version branch, i.e. 4.8 at this point in time, and then you can submit a cross-repo PR against that minor version branch from your fix branch.

[emteknetnz]

Linked PRs have been merged, they will be released in 5.2