From abec006996d4b54e649f2ef26732d7dbf9bfb8f7 Mon Sep 17 00:00:00 2001
From: m5050
Date: Sun, 12 Jan 2025 13:53:57 +0300
Subject: [PATCH] Add "PHP_MAX_FILE_UPLOADS" and "NGINX_CLIENT_MAX_BODY_SIZE" environment variables (#207)
---
 core/files/entrypoint.sh | 2 ++
 core/files/entrypoint_fpm.sh | 2 ++
 core/files/entrypoint_nginx.sh | 4 ++++
 docker-compose.yml | 2 ++
 template.env | 5 +++++
 5 files changed, 15 insertions(+)
diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh
index 33ee9b6..aa4ab32 100755
--- a/core/files/entrypoint.sh
+++ b/core/files/entrypoint.sh
@@ -50,6 +50,7 @@ export PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}
 export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
 export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
 export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
+export PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-50}
 export PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}
 export PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}
@@ -67,6 +68,7 @@ export PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}
 export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
 export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
+export NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M}
 # start supervisord using the main configuration file so we have a socket interface
 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh
index 5afe22f..d2d2606 100755
--- a/core/files/entrypoint_fpm.sh
+++ b/core/files/entrypoint_fpm.sh
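Review bot: The `:-50` default on the added `PHP_MAX_FILE_UPLOADS` export raises the per-request upload count for every deployment that does not set the variable, because PHP's stock `max_file_uploads` is 20 and the matching `sed` in `entrypoint_fpm.sh` appears to run unconditionally. Unless the image's php.ini already ships 50 (not visible here), a commit that only adds a knob should keep the previous effective limit, e.g. `export PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-20}`, with the same default in `docker-compose.yml` and `template.env`. A higher count means more temporary files and parsing work per request, so it is better left as an explicit opt-in.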
@@ -19,6 +19,8 @@ change_php_vars() {
 sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE"
 echo "Configure PHP | Setting 'upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}'"
 sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE"
+ echo "Configure PHP | Setting 'max_file_uploads = ${PHP_MAX_FILE_UPLOADS}'"
+ sed -i "s/max_file_uploads = .*/max_file_uploads = ${PHP_MAX_FILE_UPLOADS}/" "$FILE"
 echo "Configure PHP | Setting 'post_max_size = ${PHP_POST_MAX_SIZE}'"
 sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE"
 echo "Configure PHP | Setting 'max_input_time = ${PHP_MAX_INPUT_TIME}'"
diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh
index 9c67626..196ef53 100755
--- a/core/files/entrypoint_nginx.sh
+++ b/core/files/entrypoint_nginx.sh
@@ -225,6 +225,10 @@ init_nginx() {
 echo "... adjusting 'fastcgi_connect_timeout' to ${FASTCGI_CONNECT_TIMEOUT}"
 sed -i "s/fastcgi_connect_timeout .*;/fastcgi_connect_timeout ${FASTCGI_CONNECT_TIMEOUT};/" /etc/nginx/includes/misp
+ # Adjust maximum allowed size of the client request body
+ echo "... adjusting 'client_max_body_size' to ${NGINX_CLIENT_MAX_BODY_SIZE}"
+ sed -i "s/client_max_body_size .*;/client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};/" /etc/nginx/includes/misp
+
 # Adjust forwarding header settings (clean up first)
 sed -i '/real_ip_header/d' /etc/nginx/includes/misp
 sed -i '/real_ip_recursive/d' /etc/nginx/includes/misp
diff --git a/docker-compose.yml b/docker-compose.yml
index e085e2a..2d0c8f7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -157,6 +157,7 @@ services:
 # Nginx settings
 - "NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR}"
 - "NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}"
+ - "NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M}"
 # Proxy settings
 - "PROXY_ENABLE=${PROXY_ENABLE}"
 - "PROXY_HOST=${PROXY_HOST}"
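Review bot: `${PHP_MAX_FILE_UPLOADS}` is spliced into the sed replacement without being checked, so a value containing `/`, `&` or a newline corrupts the expression or the resulting php.ini line while the preceding `echo` still reports success. Reject anything that is not a plain integer before the `sed`, e.g. `case "${PHP_MAX_FILE_UPLOADS}" in ''|*[!0-9]*) echo "PHP_MAX_FILE_UPLOADS must be an integer" >&2; exit 1;; esac`. The same holds for `${NGINX_CLIENT_MAX_BODY_SIZE}` in the `init_nginx` hunk, where the value is written into `/etc/nginx/includes/misp` and should be limited to digits plus an optional `k`/`m`/`g` suffix. `change_php_vars` starts and ends outside this hunk, and the existing lines around the addition follow the same unchecked pattern.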
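Review bot: The added comment in `init_nginx` does not say how `client_max_body_size` relates to the PHP limits or what `0` means. nginx answers a larger body with 413 before PHP-FPM sees the request, so the value has to be at least `PHP_POST_MAX_SIZE`, and `0` switches nginx's body-size check off altogether. I would extend the comment to `# Adjust maximum allowed size of the client request body (keep >= PHP_POST_MAX_SIZE; 0 disables the check)` and repeat that wording in `template.env`. `init_nginx` continues outside the hunk, so whether `/etc/nginx/includes/misp` always contains the directive for the `sed` to match cannot be confirmed from here.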
@@ -201,6 +202,7 @@ services:
 - "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
 - "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
 - "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
+ - "PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-50}"
 # PHP FPM pool setup
 - "PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}"
 - "PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}"
diff --git a/template.env b/template.env
index dfe5038..69bdaac 100644
--- a/template.env
+++ b/template.env
@@ -200,6 +200,8 @@ SYNCSERVERS_1_PULL_RULES=
 # PHP_POST_MAX_SIZE=50M
 # Maximum time PHP spends parsing input data in seconds.
 # PHP_MAX_INPUT_TIME=300
+# Maximum number of file to upload per request.
+# PHP_MAX_FILE_UPLOADS=50
 ## PHP FPM pool setup
 # Maximum number of php-fpm processes, limits the number of simultaneous requests.
@@ -252,6 +254,9 @@ SYNCSERVERS_1_PULL_RULES=
 # Options: DENY, SAMEORIGIN, ALLOW-FROM Default: SAMEORIGIN
 # X_FRAME_OPTIONS=
+# NGINX maximum allowed size of the client request body.
+# NGINX_CLIENT_MAX_BODY_SIZE=50M
+
 # Content-Security-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS.
 # Example: "frame-src 'self' https://*.example.com; frame-ancestors 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport"
 # CONTENT_SECURITY_POLICY=
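Review bot: The entry directly above the added `PHP_MAX_FILE_UPLOADS` line, `- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"`, uses `:` where every neighbouring entry uses `=`, and this commit leaves it as is. In list-style `environment:` entries that most likely means `PHP_MAX_INPUT_TIME` is never handed to the container, so the entrypoint's own default applies regardless of what `.env` sets. Since this block is being touched anyway, change it to `- "PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}"` so the PHP limits an operator configures are the ones actually enforced.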