[BUGFIX] Limit upload chunk size to a reasonable value

Not really a bug but avoid users to fall in php configuration traps.
ref #303

Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>

CHANGELOG.md

@@ -10,6 +10,12 @@
 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
 
+# version 4.5
+
+- Fix side effects of setting too high values in php configuration.
+
+New configuration items:
+-  `max_upload_chunk_size_bytes` option
 
 # version 4.4.0
 

index.php

@@ -269,7 +269,7 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
     onclick="
         document.getElementById('upload').style.display = 'none';
         document.getElementById('uploading').style.display = '';
-        upload (<?php echo jirafeau_get_max_upload_size_bytes(); ?>);
+        upload (<?php echo jirafeau_get_max_upload_chunk_size_bytes($cfg['max_upload_chunk_size_bytes']); ?>);
     "/>
     </p>
         </table>

lib/config.original.php

@@ -210,3 +210,14 @@ $cfg['installation_done'] = false;
  * var- folder should kept secret and accessing it may lead to data leak if unprotected.
  */
 $cfg['debug'] = false;
+
+/** Set Jirafeau's maximal upload chunk
+ * When Jirafeau upload a large file, Jirafeau sends several data chunks to fit server's capabilities.
+ * Jirafeau tries to upload each data chunk with the maximal size allowed by PHP (post_max_size and upload_max_filesize).
+ * However, too large PHP configuration values are not needed and could induce unwanted side effects (see #303).
+ * This parameter set Jirafeau's own maximal chunk size with a reasonable value.
+ * Option is only used for async uploads and won't be used for browsers without html5 support.
+ * You should not touch this parameter unless you have good reason to do so. Feel free to open an issue to ask questions.
+ * Set to 0 to remove limitation.
+ */
+$cfg['max_upload_chunk_size_bytes'] = 100000000; // 100MB

lib/functions.js.php

@@ -596,14 +596,14 @@ function async_upload_end (code)
     req.send (form);
 }
 
-function upload (max_size)
+function upload (max_chunk_size)
 {
     var one_time_checkbox = document.getElementById('one_time_download');
     var one_time = one_time_checkbox !== null ? one_time_checkbox.checked : false;
     if (check_html5_file_api ())
     {
         async_upload_start (
-            max_size,
+            max_chunk_size,
             document.getElementById('file_select').files[0],
             document.getElementById('select_time').value,
             document.getElementById('input_key').value,

lib/functions.php

@@ -229,6 +229,21 @@ function jirafeau_get_max_upload_size()
     return jirafeau_human_size(jirafeau_get_max_upload_size_bytes());
 }
 
+/**
+ * get the maximal upload size for a data chunk in async uploads
+ * @param max_upload_chunk_size_bytes
+ */
+function jirafeau_get_max_upload_chunk_size_bytes($max_upload_chunk_size_bytes = 0)
+{
+    if ($max_upload_chunk_size_bytes > 0) {
+        return min(
+            jirafeau_get_max_upload_size_bytes(),
+            $max_upload_chunk_size_bytes
+        );
+    }
+    return jirafeau_get_max_upload_size_bytes();
+}
+
 /**
  * gets a string explaining the error
  * @param $code the error code
@@ -835,7 +850,8 @@ function jirafeau_admin_bug_report($cfg)
         'enable_crypt',
         'preview',
         'maximal_upload_size',
-        'store_uploader_ip'
+        'store_uploader_ip',
+        'max_upload_chunk_size_bytes'
     ];
     foreach ($jirafeau_options as &$o) {
         $v = $cfg[$o];