Update web.config max upload size defaults, correct backend calcs, an…

…d fix validation issue preventing increase
dnnsoftware · Sep 8, 2023 · c8714aa · c8714aa
1 parent 5f4603c
commit c8714aa
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 7 deletions.
diff --git a/DNN Platform/Library/Common/Utilities/Config.cs b/DNN Platform/Library/Common/Utilities/Config.cs
@@ -318,8 +318,7 @@ public static long GetRequestFilterSize(IApplicationStatusInfo appStatus)
 
             if (httpNode != null)
             {
-                var maxAllowedContentLength = XmlUtils.GetAttributeValueAsLong(httpNode.CreateNavigator(), "maxAllowedContentLength", 30000000);
-                return maxAllowedContentLength / 1024 / 1024;
+                return 4294967295 / 1024 / 1024; // 4GB (max allowedContentLength supported in IIS7)
             }
 
             return DefaultRequestFilter;
@@ -352,7 +351,6 @@ public static void SetMaxUploadSize(IApplicationStatusInfo appStatus, long newSi
             if (httpNode != null)
             {
                 httpNode.Attributes["maxRequestLength"].InnerText = (newSize / 1024).ToString("#");
-                httpNode.Attributes["requestLengthDiskThreshold"].InnerText = (newSize / 1024).ToString("#");
             }
 
             httpNode = configNav.SelectSingleNode("configuration//system.webServer//security//requestFiltering//requestLimits") ??

diff --git a/DNN Platform/Tests/App.config b/DNN Platform/Tests/App.config
@@ -114,7 +114,7 @@
       <forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
     </authentication>
     <!-- allow large file uploads -->
-    <httpRuntime shutdownTimeout="120" executionTimeout="900" useFullyQualifiedRedirectUrl="true" maxRequestLength="12288" requestLengthDiskThreshold="12288" />
+    <httpRuntime shutdownTimeout="120" executionTimeout="900" useFullyQualifiedRedirectUrl="true" maxRequestLength="28672" requestLengthDiskThreshold="81920" />
     <httpCookies httpOnlyCookies="true" requireSSL="false" domain="" />
     <!--  GLOBALIZATION
     This section sets the globalization settings of the application. 

diff --git a/DNN Platform/Website/development.config b/DNN Platform/Website/development.config
@@ -117,6 +117,11 @@
         <add name="X-Frame-Options" value="SAMEORIGIN" />
       </customHeaders>
     </httpProtocol>
+    <security>
+      <requestFiltering>
+        <requestLimits maxAllowedContentLength="29360128" />
+      </requestFiltering>
+    </security>
   </system.webServer>
 
   <system.web>
@@ -149,7 +154,7 @@
     </authentication>
     -->
     <!-- allow large file uploads -->
-    <httpRuntime targetFramework="4.7.2" shutdownTimeout="120" executionTimeout="1200" useFullyQualifiedRedirectUrl="true" maxRequestLength="29296" requestLengthDiskThreshold="81920" maxUrlLength="2048" requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?" enableVersionHeader="false"  requestValidationMode="2.0" fcnMode="Single" />
+    <httpRuntime targetFramework="4.7.2" shutdownTimeout="120" executionTimeout="1200" useFullyQualifiedRedirectUrl="true" maxRequestLength="28672" requestLengthDiskThreshold="81920" maxUrlLength="2048" requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?" enableVersionHeader="false"  requestValidationMode="2.0" fcnMode="Single" />
     <httpCookies httpOnlyCookies="true" requireSSL="false" domain=""/>
     <!--  GLOBALIZATION
     This section sets the globalization settings of the application.

diff --git a/DNN Platform/Website/release.config b/DNN Platform/Website/release.config
@@ -117,6 +117,11 @@
         <add name="X-Frame-Options" value="SAMEORIGIN" />
       </customHeaders>
     </httpProtocol>
+    <security>
+      <requestFiltering>
+        <requestLimits maxAllowedContentLength="29360128" />
+      </requestFiltering>
+    </security>
   </system.webServer>
 
   <system.web>
@@ -150,7 +155,7 @@
     </authentication>
     -->
     <!-- allow large file uploads -->
-    <httpRuntime targetFramework="4.7.2" shutdownTimeout="120" executionTimeout="1200" useFullyQualifiedRedirectUrl="true" maxRequestLength="29296" requestLengthDiskThreshold="81920" maxUrlLength="2048" requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?" enableVersionHeader="false"  requestValidationMode="2.0" fcnMode="Single" />
+    <httpRuntime targetFramework="4.7.2" shutdownTimeout="120" executionTimeout="1200" useFullyQualifiedRedirectUrl="true" maxRequestLength="28672" requestLengthDiskThreshold="81920" maxUrlLength="2048" requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?" enableVersionHeader="false"  requestValidationMode="2.0" fcnMode="Single" />
     <httpCookies httpOnlyCookies="true" requireSSL="false" domain=""/>
     <!--  GLOBALIZATION
     This section sets the globalization settings of the application.

diff --git a/Dnn.AdminExperience/Dnn.PersonaBar.Extensions/Services/SecurityController.cs b/Dnn.AdminExperience/Dnn.PersonaBar.Extensions/Services/SecurityController.cs
@@ -709,7 +709,7 @@ public HttpResponseMessage GetOtherSettings()
                             Host.RememberCheckbox,
                             Host.AutoAccountUnlockDuration,
                             Host.AsyncTimeout,
-                            MaxUploadSize = Config.GetMaxUploadSize() / (1024 * 1024),
+                            MaxUploadSize = Config.GetMaxUploadSize() / 1024 / 1024,
                             RangeUploadSize = Config.GetRequestFilterSize(),
                             AllowedExtensionWhitelist = Host.AllowedExtensionWhitelist.ToStorageString(),
                             DefaultEndUserExtensionWhitelist = Host.DefaultEndUserExtensionWhitelist.ToStorageString(),