Plugin Directory: Limit file size for 'asset' images

[Ipstenu]

This may be tricky, but we should limit the size of files for screenshots, banners, and icons.

Most people (properly) put them in the /assets/ folder, but there's a holdover from 'the old way' where it worked in the main plugin folder, which means we'll have to check multiple places, and by file size.

This will prevent the WP dashboard (and the website) from being slower than they need to be.

[Otto42]

We should probably stop supporting screenshots outside of assets in a going-forward manner. But that's another topic.

What would be appropriate size limits for these? Banners, icons, screenshots. All should have different limits.

[Ipstenu]

Replying to Otto42:

We should probably stop supporting screenshots outside of assets in a going-forward manner. But that's another topic.

Noted.

What would be appropriate size limits for these? Banners, icons, screenshots. All should have different limits.

I don't know. Can we grep them right now for an average filesize?

[dd32]

I don't know. Can we grep them right now for an average filesize?

Could probably look at the last 5,000 plugins with assets and see what they have.. It's not as easy as a grep but it's doable.

I'm not really sure if it's worthwhile setting "sane" limits here, or if we're not just better off by putting an 'absurd' high limit (say 2MB?) on to block any stupid-sized images.

$ svn ls -v https://plugins.svn.wordpress.org/hello-dolly/assets/ | grep -v '/$' | awk '{ byte = $3/1024; print byte " KB " $7 }'
175.067 KB banner-1344x500.jpg
75.3008 KB banner-772x250.jpg
46.5469 KB icon-128x128.jpg
55.04 KB icon-256x256.jpg

$ svn ls -v https://plugins.svn.wordpress.org/jetpack/assets/ | grep -v '/$' | awk '{ byte = $3/1024; print byte " KB " $7 }'
38.71 KB banner-1544x500.png
17.8594 KB banner-772x250.png
0.50293 KB icon-128x128.png
1.08789 KB icon-256x256.png
1.02246 KB icon.svg
266.567 KB screenshot-1.png
1140.15 KB screenshot-2.png
1479.11 KB screenshot-3.png
304.58 KB screenshot-4.png

[dd32]

So, I've looked at the last ~4,000 plugins imported into the directory (last 3 weeks basically). That means there's probably a lot of new plugins in there, but also the commonly updated plugins.

Here's some filesize stats:

asset_type	count	avg_size	max_size
screenshot-*	16,783	235KB	53,965KB
banner-772x250	 3,587	101KB	 4,884KB
icon-128x128	 3,206	 18KB	 1,274KB
icon-256x256	 2,926	 35KB	 1,515KB
banner-1544x500	 2,166	229KB	 8,413KB
icon.svg	   435	 26KB	 1,592KB

That's only filenames that occur 100 times or more in the plugins surveyed, a lot of plugins include incorrectly named files, sizes we don't support, etc.

Yes. There's a plugin that has a 50MB screenshot asset. That plugin has ~86MB of assets. Next closest is 67MB.
There are 12 plugins with total asset size >= 20MB, so they're exceptions.

Based on this, here's some limitations I'm going to suggest:
Screenshots: 5MB (Affects 50 assets)
Banners: 1MB / 2MB for low/high res. (Affects 15 low-res assets, 10 high-res assets)
Icons: 512KB (Affects 40 assets)

[dd32]

re-ran the script with every plugin with more than 1,000 installs.
I should also note, that these number and the above comment only refer to assets in the /assets/ directory, it ignores screenshots in the plugin folder.

asset_type	count	avg	max_size
screenshot-*	21,905	222KB	109,096KB
banner-772x250	 5,470	 91KB	  3,024KB
icon-128x128	 4,501	 17KB	  1,274KB
icon-256x256	 3,830	 34KB	  2,283KB
banner-1544x500	 2,678	219KB	  6,079KB
icon.svg	   539	 30KB	  4,520KB

With the above mentioned limits, the affected asset counts are..
Screenshots: 151 (>5MB)
Banners: 70 low-res / 8 high-res (>1/2MB)
Icons: 55 (>512KB) (Of which 25 are currently >1MB)

Again, 15 plugins had >20MB of assets, ~60 >10MB

[dd32]

In 10050:

Plugin Directory: Add some restrictions on the size of asset files to import.

The initial limits are:

• Screenshots: 10MB, very few are larger than this.
• Banners: 4MB (Low & High res)
• Icons: 1MB

See #5171.

[dd32]

Decided to move forward with adding limits at 200% of what I think are reasonable.

Ideally all of those limits should be halved IMHO.

[Ipstenu]

Yes. There's a plugin that has a 50MB screenshot asset. That plugin has ~86MB of assets. Next closest is 67MB.
There are 12 plugins with total asset size >= 20MB, so they're exceptions.

12 out of 90,000 (more or less) yeah I agree.

Also I'm not shocked someone has a 50MB screenshot.

[dd32]

I'm going to mark this as fixed. Although the limits are still relatively high, they're also not extreme.