The inputted value is intended to represent megabytes, but is only
multiplied by 1024 - meaning it'd represent kilobytes. This is then used
to compare with the PHP setting number, which is bytes in the range of
megabytes. Kilobytes are always under megabytes, meaning size
comparisons elsewhere in the code are always true.
We should ensure the calculation for validation is correct.
A task helper for recovering UserForm uploads targeting incorrectly migrated folders (from Silverstripe CMS 3)
If your project has not been migrated from Silverstripe CMS 3, you do not need this helper.
Before running this task make sure you have repaired the migrated folders themselves.
To do that you have to run the extra migration subtask (`migrate-folders`).
This task is particularly looking at all UserForm file submissions and checks they are in the same
folder where the particular version of its EditableFileField has been set up to upload it to.
If it finds the file has been misplaced, it tries to move it to the correct folder, but only if
the file has not had any manipulations since the uploading happened (the file Version=1).
If an affected file has a draft, then only Live version will be moved, but the draft will be preserved as is.
For more details see CVE-2020-9280
A task helper for recovering UserForm uploads targeting incorrectly migrated folders (from Silverstripe CMS 3)
If your project has not been migrated from Silverstripe CMS 3, you do not need this helper.
Before running this task make sure you have repaired the migrated folders themselves.
To do that you have to run the extra migration subtask (`migrate-folders`).
This task is particularly looking at all UserForm file submissions and checks they are in the same
folder where the particular version of its EditableFileField has been set up to upload it to.
If it finds the file has been misplaced, it tries to move it to the correct folder, but only if
the file has not had any manipulations since the uploading happened (the file Version=1).
If an affected file has a draft, then only Live version will be moved, but the draft will be preserved as is.
For more details see CVE-2020-9280