Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

File Upload in Forms (file size error)


Hello everyone! 

I'm currently working to fix a problem regarding file size when it uploads a file in Forms. As an idea we are using Optimizely Forms to create web forms in our project. So the problem appear when I try to add an upload file block into form like the one specified above.
Here is the content setup of the upload block:
I also specified the file size limit in appsettings.json file (the number below represents the size in bytes which means 500 MB).
Everything seems ok but when I press submit button I'm getting the error in the screenshot: "The upload file size should be less than -2048 MB." I mention that I uploaded an jpg file at about 21 KB.
Has anyone had this problem or something similar and have any idea how to fix it?
Nov 02, 2022 14:38

One thing suggested in another thread here is adding this to your Startup.cs:

            services.Configure<FormOptions>(x =>
                x.MultipartBodyLengthLimit = 10737418240;

Another possibility (also from that thread) is setting the max size for kestrel:

public static IHostBuilder CreateHostBuilder(string[] args) =>
        .ConfigureWebHostDefaults(webBuilder =>
            webBuilder.ConfigureKestrel((context, options) =>
                // Handle requests up to 50 MB
                options.Limits.MaxRequestBodySize = 52428800;
Nov 07, 2022 21:01

Did you happend to find a solution to this issue? Im having the same problem with forms version 5.5.1.

Edit: Solution found.

In the EpiserverForms package the max file size is determined by this (decompiled) method:

 private int GetmaxSizeInByte(int fileUploadsize)
      int num = (int) ServiceLocator.Current.GetInstance<IHttpContextAccessor>().HttpContext.Features.Get<IHttpMaxRequestBodySizeFeature>().MaxRequestBodySize.Value;
      int multipartBodyLengthLimit = (int) this._formsOptions.MultipartBodyLengthLimit;
      return ((IEnumerable<int>) new int[3]
Meaning long values are being cast to ints. If you set any of the three values to anything above int.MaxValue it will give the error. So the fileupload-field's max validation size can't be above 2bg, nor can the other values.
Edited, Jun 12, 2023 11:41
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.