From 4df6d4ba16f5ff75474d5761b81b926f3eb54c1b Mon Sep 17 00:00:00 2001 From: Mark Williams Date: Fri, 14 Nov 2025 16:11:21 +0000 Subject: [PATCH 1/3] LIMS-1275: Use streamed response for unzipped files --- api/src/Page/Download.php | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/api/src/Page/Download.php b/api/src/Page/Download.php index 9f9794d20..7863f0b93 100644 --- a/api/src/Page/Download.php +++ b/api/src/Page/Download.php @@ -247,7 +247,6 @@ function _get_autoproc_attachments() /** * Download a file to the browser * This function is used to download autoproc and phasing run attachments. - * It sets a maximum amount of memory for the download. * The $id is used as a prefix to the filename. * * @param integer $id One of AutoProcProgramId or PhasingProgramRunId @@ -255,8 +254,6 @@ function _get_autoproc_attachments() */ function _get_file($id, $file) { - // We don't want to allow unlimited file sizes - ini_set('memory_limit', '512M'); $filesystem = new Filesystem(); $filename = $file['FILEPATH'] . '/' . $file['FILENAME']; @@ -265,18 +262,28 @@ function _get_file($id, $file) if ($filesystem->exists($filename)) { $response = new BinaryFileResponse($filename); $this->set_mime_content($response, $filename, $id); - $response->headers->set("Content-Length", filesize($filename)); } elseif ($filesystem->exists($filename.'.gz')) { $filename = $filename.'.gz'; if ($this->arg('download') == 1) { // View log file, so unzip and serve - $response = new Response(readgzfile($filename)); + $response = new StreamedResponse(function() use ($filename) { + $fileHandle = gzopen($filename, 'rb'); + if ($fileHandle === false) { + $this->_error("The file " . $filename . " couldn't be opened"); + } + // Read the file in 8KB chunks and send them + while (!gzeof($fileHandle)) { + echo gzread($fileHandle, 8192); + if (ob_get_level()) ob_flush(); + flush(); + } + gzclose($fileHandle); + }); $this->set_mime_content($response, $file['FILENAME'], $id); } else { // Download gzipped file $response = new BinaryFileResponse($filename); $this->set_mime_content($response, $filename, $id); - $response->headers->set("Content-Length", filesize($filename)); } } else { $this->_error("No such file, the specified file " . $filename . " doesn't exist"); From 457c289f954bd7d22eb10233fb2af2ef56b1fb3c Mon Sep 17 00:00:00 2001 From: Mark Williams Date: Fri, 14 Nov 2025 16:12:20 +0000 Subject: [PATCH 2/3] LIMS-1275: Ignore security advisories --- api/composer.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/api/composer.json b/api/composer.json index 8ec82129d..4a751a508 100644 --- a/api/composer.json +++ b/api/composer.json @@ -44,6 +44,12 @@ "config": { "platform": { "php": "7.3" + }, + "audit": { + "ignore": [ + "PKSA-4b9f-kpvb-8rtq", + "PKSA-2kqm-ps5x-s4f5" + ] } } } From 0e427e693667e9ddf4f68dff60b1fd599141b6da Mon Sep 17 00:00:00 2001 From: Mark W <24956497+ndg63276@users.noreply.github.com> Date: Fri, 21 Nov 2025 20:54:49 +0000 Subject: [PATCH 3/3] Update api/composer.json Co-authored-by: Guilherme Francisco --- api/composer.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/api/composer.json b/api/composer.json index 4a751a508..8ec82129d 100644 --- a/api/composer.json +++ b/api/composer.json @@ -44,12 +44,6 @@ "config": { "platform": { "php": "7.3" - }, - "audit": { - "ignore": [ - "PKSA-4b9f-kpvb-8rtq", - "PKSA-2kqm-ps5x-s4f5" - ] } } }