Summary
Alert/report/removal import reads full uploaded file into memory with no explicit size guard.
Evidence
syslog_alerts.php:947-948syslog_reports.php:809-810syslog_removal.php:747-748
Pattern: fopen + fread(... filesize(...)) + xml2array($xml_data).
Impact
Large uploads can exhaust PHP memory and destabilize admin requests.
Expected fix
- Enforce explicit maximum import size
- Fail fast with user-visible validation message
- Prefer safer read/parse strategy that avoids unnecessary full-buffer pressure
Summary
Alert/report/removal import reads full uploaded file into memory with no explicit size guard.
Evidence
syslog_alerts.php:947-948syslog_reports.php:809-810syslog_removal.php:747-748Pattern:
fopen+fread(... filesize(...))+xml2array($xml_data).Impact
Large uploads can exhaust PHP memory and destabilize admin requests.
Expected fix