Update file validation to use database max_upload_size_mb setting

- validate_file_size() now uses database setting instead of MAX_CONTENT_LENGTH
- detect_malicious_content() uses database setting for size limits
- Both functions now respect the configurable max_upload_size_mb (default 2048MB = 2GB)

app/utils/security.py

@@ -288,17 +288,20 @@ def require_active_user(f):
 def validate_file_size(file_size, max_size=None):
     """
     Validate file size
-    
+
     Args:
         file_size: Size of file in bytes
-        max_size: Maximum allowed size (defaults to config)
-    
+        max_size: Maximum allowed size (defaults to database setting)
+
     Returns:
         bool: True if file size is acceptable
     """
     if max_size is None:
-        max_size = current_app.config.get('MAX_CONTENT_LENGTH', 5 * 1024 * 1024 * 1024)
-    
+        # Get max upload size from database settings (in MB)
+        from app.models import SystemSettings
+        max_upload_size_mb = SystemSettings.get_setting('max_upload_size_mb', 2048)  # Default 2GB
+        max_size = max_upload_size_mb * 1024 * 1024  # Convert MB to bytes
+
     return file_size <= max_size
 
 def detect_malicious_content(file_path):
@@ -315,8 +318,12 @@ def detect_malicious_content(file_path):
         # Check file size (extremely large files might be suspicious)
         import os
         file_size = os.path.getsize(file_path)
-        # Allow up to 5GB for ZIP files (configurable)
-        max_safe_size = current_app.config.get('MAX_CONTENT_LENGTH', 5 * 1024 * 1024 * 1024)
+
+        # Get max upload size from database settings (in MB)
+        from app.models import SystemSettings
+        max_upload_size_mb = SystemSettings.get_setting('max_upload_size_mb', 2048)  # Default 2GB
+        max_safe_size = max_upload_size_mb * 1024 * 1024  # Convert MB to bytes
+
         if file_size > max_safe_size:
             return True