remove hardcoded size limits

Shivangi-ch · Apr 22, 2024 · c5c5793 · c5c5793
1 parent 4116f6b
commit c5c5793
Show file tree

Hide file tree

Showing 11 changed files with 31 additions and 18 deletions.
diff --git a/src/pretix/api/serializers/item.py b/src/pretix/api/serializers/item.py
@@ -5,6 +5,7 @@
 from django.utils.functional import cached_property
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
+from django.conf import settings
 
 from pretix.api.serializers.event import MetaDataField
 from pretix.api.serializers.fields import UploadedFileField
@@ -116,7 +117,7 @@ class ItemSerializer(I18nAwareModelSerializer):
     meta_data = MetaDataField(required=False, source='*')
     picture = UploadedFileField(required=False, allow_null=True, allowed_types=(
         'image/png', 'image/jpeg', 'image/gif'
-    ), max_size=10 * 1024 * 1024)
+    ), max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"])
 
     class Meta:
         model = Item

diff --git a/src/pretix/api/serializers/order.py b/src/pretix/api/serializers/order.py
@@ -6,6 +6,7 @@
 from django.core.files import File
 from django.db.models import F, Q
 from django.utils.timezone import now
+from django.conf import settings
 from django.utils.translation import gettext_lazy
 from django_countries.fields import Country
 from rest_framework import serializers
@@ -164,7 +165,7 @@ def _handle_file_upload(self, data):
         )
         if cf.type not in allowed_types:
             raise ValidationError('The submitted file "{fid}" has a file type that is not allowed in this field.'.format(fid=data))
-        if cf.file.size > 10 * 1024 * 1024:
+        if cf.file.size > settings.MAX_FILE_UPLOAD_SIZE_CONFIG["other"]:
             raise ValidationError('The submitted file "{fid}" is too large to be used in this field.'.format(fid=data))
 
         data['options'] = []

diff --git a/src/pretix/api/views/checkin.py b/src/pretix/api/views/checkin.py
@@ -5,6 +5,7 @@
 )
 from django.db.models.functions import Coalesce
 from django.http import Http404
+from django.conf import settings
 from django.shortcuts import get_object_or_404
 from django.utils.functional import cached_property
 from django.utils.timezone import now
@@ -433,7 +434,7 @@ def _handle_file_upload(self, data):
         )
         if cf.type not in allowed_types:
             raise ValidationError('The submitted file "{fid}" has a file type that is not allowed in this field.'.format(fid=data))
-        if cf.file.size > 10 * 1024 * 1024:
+        if cf.file.size > settings.MAX_FILE_UPLOAD_SIZE_CONFIG["other"]:
             raise ValidationError('The submitted file "{fid}" is too large to be used in this field.'.format(fid=data))
 
         return cf.file
diff --git a/src/pretix/base/forms/questions.py b/src/pretix/base/forms/questions.py
@@ -10,6 +10,7 @@
 import vat_moss.errors
 import vat_moss.id
 from babel import Locale
+from django.conf import settings
 from django import forms
 from django.contrib import messages
 from django.core.exceptions import ValidationError
@@ -572,7 +573,7 @@ def __init__(self, *args, **kwargs):
                         ".pptx", ".ppt", ".doc", ".xlsx", ".xls", ".jfif", ".heic", ".heif", ".pages",
                         ".bmp", ".tif", ".tiff"
                     ),
-                    max_size=10 * 1024 * 1024,
+                    max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["other"],
                 )
             elif q.type == Question.TYPE_DATE:
                 attrs = {}

diff --git a/src/pretix/base/services/mail.py b/src/pretix/base/services/mail.py
@@ -22,6 +22,7 @@
 )
 from django.core.mail.message import SafeMIMEText
 from django.db import transaction
+from django.conf import settings
 from django.template.loader import get_template
 from django.utils.timezone import override
 from django.utils.translation import gettext as _, pgettext
@@ -324,7 +325,7 @@ def mail_send_task(self, *args, to: List[str], subject: str, body: str, html: st
                                 args.append((name, content, ct.type))
                                 attach_size += len(content)
 
-                            if attach_size < 4 * 1024 * 1024:
+                            if attach_size < settings.MAX_FILE_UPLOAD_SIZE_CONFIG["email_attachment"]:
                                 # Do not attach more than 4MB, it will bounce way to often.
                                 for a in args:
                                     try:

diff --git a/src/pretix/base/settings.py b/src/pretix/base/settings.py
@@ -1893,7 +1893,7 @@ def unserialize(cls, s):
         'form_kwargs': dict(
             label=_('Header image'),
             ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
             help_text=_('If you provide a logo image, we will by default not show your event name and date '
                         'in the page header. By default, we show your logo with a size of up to 1140x120 pixels. You '
                         'can increase the size with the setting below. We recommend not using small details on the picture '
@@ -1904,7 +1904,7 @@ def unserialize(cls, s):
             allowed_types=[
                 'image/png', 'image/jpeg', 'image/gif'
             ],
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
         )
 
     },
@@ -1935,7 +1935,7 @@ def unserialize(cls, s):
         'form_kwargs': dict(
             label=_('Header image'),
             ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
             help_text=_('If you provide a logo image, we will by default not show your organization name '
                         'in the page header. By default, we show your logo with a size of up to 1140x120 pixels. You '
                         'can increase the size with the setting below. We recommend not using small details on the picture '
@@ -1946,7 +1946,7 @@ def unserialize(cls, s):
             allowed_types=[
                 'image/png', 'image/jpeg', 'image/gif'
             ],
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
         )
     },
     'organizer_logo_image_large': {
@@ -1966,7 +1966,7 @@ def unserialize(cls, s):
         'form_kwargs': dict(
             label=_('Social media image'),
             ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
             help_text=_('This picture will be used as a preview if you post links to your ticket shop on social media. '
                         'Facebook advises to use a picture size of 1200 x 630 pixels, however some platforms like '
                         'WhatsApp and Reddit only show a square preview, so we recommend to make sure it still looks good '
@@ -1977,7 +1977,7 @@ def unserialize(cls, s):
             allowed_types=[
                 'image/png', 'image/jpeg', 'image/gif'
             ],
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
         )
     },
     'invoice_logo_image': {
@@ -1988,15 +1988,15 @@ def unserialize(cls, s):
             label=_('Logo image'),
             ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
             required=False,
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
             help_text=_('We will show your logo with a maximal height and width of 2.5 cm.')
         ),
         'serializer_class': UploadedFileField,
         'serializer_kwargs': dict(
             allowed_types=[
                 'image/png', 'image/jpeg', 'image/gif'
             ],
-            max_size=10 * 1024 * 1024,
+            max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
         )
     },
     'frontpage_text': {

diff --git a/src/pretix/control/forms/organizer.py b/src/pretix/control/forms/organizer.py
@@ -242,7 +242,7 @@ class OrganizerSettingsForm(SettingsForm):
     organizer_logo_image = ExtFileField(
         label=_('Header image'),
         ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
-        max_size=10 * 1024 * 1024,
+        max_size = settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"],
         required=False,
         help_text=_('If you provide a logo image, we will by default not show your organization name '
                     'in the page header. By default, we show your logo with a size of up to 1140x120 pixels. You '
@@ -253,7 +253,7 @@ class OrganizerSettingsForm(SettingsForm):
         label=_('Favicon'),
         ext_whitelist=(".ico", ".png", ".jpg", ".gif", ".jpeg"),
         required=False,
-        max_size=1 * 1024 * 1024,
+        max_size = settings.MAX_FILE_UPLOAD_SIZE_CONFIG["favicon"],
         help_text=_('If you provide a favicon, we will show it instead of the default pretix icon. '
                     'We recommend a size of at least 200x200px to accommodate most devices.')
     )

diff --git a/src/pretix/control/views/orderimport.py b/src/pretix/control/views/orderimport.py
@@ -35,7 +35,7 @@ def post(self, request, *args, **kwargs):
                 'event': request.event.slug,
                 'organizer': request.organizer.slug,
             }))
-        if request.FILES['file'].size > 1024 * 1024 * 10:
+        if request.FILES['file'].size > settings.MAX_FILE_UPLOAD_SIZE_CONFIG["other"]:
             messages.error(request, _('Please do not upload files larger than 10 MB.'))
             return redirect(reverse('control:event.orders.import', kwargs={
                 'event': request.event.slug,

diff --git a/src/pretix/control/views/pdf.py b/src/pretix/control/views/pdf.py
@@ -37,7 +37,7 @@ class BaseEditorView(EventPermissionRequiredMixin, TemplateView):
     accepted_formats = (
         'application/pdf',
     )
-    maxfilesize = 1024 * 1024 * 10
+    maxfilesize = settings.MAX_FILE_UPLOAD_SIZE_CONFIG["image"]
     minfilesize = 10
     title = None
 

diff --git a/src/pretix/plugins/sendmail/forms.py b/src/pretix/plugins/sendmail/forms.py
@@ -1,6 +1,7 @@
 from django import forms
 from django.core.exceptions import ValidationError
 from django.urls import reverse
+from django.conf import settings
 from django.utils.translation import gettext_lazy as _, pgettext_lazy
 from django_scopes.forms import SafeModelMultipleChoiceField
 from i18nfield.forms import I18nFormField, I18nTextarea, I18nTextInput
@@ -33,7 +34,7 @@ class MailForm(forms.Form):
         ),
         help_text=_('Sending an attachment increases the chance of your email not arriving or being sorted into spam folders. We recommend only using PDFs '
                     'of no more than 2 MB in size.'),
-        max_size=10 * 1024 * 1024
+        max_size=settings.MAX_FILE_UPLOAD_SIZE_CONFIG["email_attachment"]
     )  # TODO i18n
     items = forms.ModelMultipleChoiceField(
         widget=forms.CheckboxSelectMultiple(

diff --git a/src/pretix/settings.py b/src/pretix/settings.py
@@ -766,3 +766,10 @@
 
 DATA_UPLOAD_MAX_NUMBER_FIELDS = 25000
 DATA_UPLOAD_MAX_MEMORY_SIZE = 10 * 1024 * 1024  # 10 MB
+
+MAX_FILE_UPLOAD_SIZE_CONFIG = {
+    'image': 1024 * 1024 * config.getint('file_upload_limits', 'image', fallback=10),
+    'favicon':1024 * 1024 * config.getint('file_upload_limits', 'favicon', fallback=1),
+    'email_attachment':1024 * 1024 * config.getint('file_upload_limits', 'email_attachment', fallback=10),
+    'other': 1024 * 1024 * config.getint('file_upload_limits', 'other', fallback=10)
+}