Fixes #7 Jirafeau can now limit file size

- Can limit file size whatever upload method is used - Add a <div> for error handling - Fix courgette style
2025-01-17 21:08:20 +01:00 · 2015-03-12 20:16:34 +01:00 · 2015-03-12 20:16:34 +01:00 · c5571d9237
commit c5571d9237
parent d60db97801
7 changed files with 121 additions and 21 deletions
--- a/index.php
+++ b/index.php
@ -141,6 +141,9 @@ if (jirafeau_has_upload_password ($cfg))
    </p>
 </div>

+<div id="error_pop" class="error">
+</div>
+
 <div id="upload">
 <fieldset>
    <legend>
@ -148,12 +151,9 @@ if (jirafeau_has_upload_password ($cfg))
    </legend>
    <p>
    <input type="file" id="file_select" size="30"
-    onchange="
-        document.getElementById('options').style.display = '';
-        document.getElementById('send').style.display = '';
-    "/>
+    onchange="control_selected_file_size(<?php echo $cfg['maximal_upload_size'] ?>, '<?php echo t ('File is too big') . ', ' . t ('File size is limited to') . " " . $cfg['maximal_upload_size'] . " MB"; ?>')"/>
    </p>
-    
+
    <div id="options">
        <table id="option_table">
        <tr>
@ -190,6 +190,15 @@ if (jirafeau_has_upload_password ($cfg))
        <?php } ?>
        </select></td>
        </tr>
+
+        <?php
+        if ($cfg['maximal_upload_size'] > 0)
+        {
+        echo '<p class="config">' . t ('File size is limited to');
+        echo " " . $cfg['maximal_upload_size'] . " MB</p>";
+        }
+        ?>
+
 		<p id="max_file_size" class="config"></p>
    <p>
    <?php
@ -231,6 +240,7 @@ if (jirafeau_has_upload_password ($cfg))
 </div>

 <script lang="Javascript">
+    document.getElementById('error_pop').style.display = 'none';
    document.getElementById('uploading').style.display = 'none';
    document.getElementById('upload_finished').style.display = 'none';
    document.getElementById('options').style.display = 'none';
--- a/lib/config.original.php
+++ b/lib/config.original.php
@ -80,6 +80,10 @@ $cfg['availabilities'] = array ('minute' => true,
                                'month' => true,
                                'year' => false,
                                'none' => false);
+/* Set maximal upload size expressed in MB.
+ * 0 mean unlimited upload size.
+ */
+$cfg['maximal_upload_size'] = 0;
 /* Installation is done ? */
 $cfg['installation_done'] = false;

--- a/lib/functions.js
+++ b/lib/functions.js
@ -125,25 +125,52 @@ function upload_progress (e)
        show_upload_progression (p.toString() + '%');
 }

-function upload_failed (e)
+function control_selected_file_size(max_size, error_str)
 {
-    /* Todo: Considere showing a error div. */
-    alert ('Sorry, upload failed');
+    f_size = document.getElementById('file_select').files[0].size;
+    if (max_size > 0 && f_size > max_size * 1024 * 1024)
+    {
+        pop_failure(error_str);
+        document.getElementById('send').style.display = 'none';
+    }
+    else
+    {
+        document.getElementById('options').style.display = '';
+        document.getElementById('send').style.display = '';
+        document.getElementById('error_pop').style.display = 'none';
+    }
+}
+
+function pop_failure (e)
+{
+    var text = "An error occured";
+    if (typeof e !== 'undefined')
+        text = e;
+    text = "<p>" + text + "</p>";
+    document.getElementById('error_pop').innerHTML = e;
+
+    document.getElementById('uploading').style.display = 'none';
+    document.getElementById('error_pop').style.display = '';
+    document.getElementById('upload').style.display = '';
+    document.getElementById('send').style.display = '';
 }

 function classic_upload (url, file, time, password, one_time, upload_password)
 {
    var req = new XMLHttpRequest ();
    req.upload.addEventListener ("progress", upload_progress, false);
-    req.addEventListener ("error", upload_failed, false);
-    req.addEventListener ("abort", upload_failed, false);
+    req.addEventListener ("error", pop_failure, false);
+    req.addEventListener ("abort", pop_failure, false);
    req.onreadystatechange = function ()
    {
        if (req.readyState == 4 && req.status == 200)
        {
            var res = req.responseText;
            if (res == "Error")
+            {
+                pop_failure ();
                return;
+            }
            res = res.split ("\n");
            if (time != 'none')
            {
@ -208,15 +235,18 @@ function async_upload_start (url, max_size, file, time, password, one_time, uplo
    async_global_time = time;

    var req = new XMLHttpRequest ();
-    req.addEventListener ("error", upload_failed, false);
-    req.addEventListener ("abort", upload_failed, false);
+    req.addEventListener ("error", pop_failure, false);
+    req.addEventListener ("abort", pop_failure, false);
    req.onreadystatechange = function ()
    {
        if (req.readyState == 4 && req.status == 200)
        {
            var res = req.responseText;
            if (res == "Error")
+            {
+                pop_failure ();
                return;
+            }
            res = res.split ("\n");
            async_global_ref = res[0];
            var code = res[1];
@ -260,15 +290,18 @@ function async_upload_push (code)
    }
    var req = new XMLHttpRequest ();
    req.upload.addEventListener ("progress", async_upload_progress, false);
-    req.addEventListener ("error", upload_failed, false);
-    req.addEventListener ("abort", upload_failed, false);
+    req.addEventListener ("error", pop_failure, false);
+    req.addEventListener ("abort", pop_failure, false);
    req.onreadystatechange = function ()
    {
        if (req.readyState == 4 && req.status == 200)
        {
            var res = req.responseText;
            if (res == "Error")
+            {
+                pop_failure ();
                return;
+            }
            res = res.split ("\n");
            var code = res[0]
            async_global_transfered = async_global_transfering;
@ -295,15 +328,18 @@ function async_upload_push (code)
 function async_upload_end (code)
 {
    var req = new XMLHttpRequest ();
-    req.addEventListener ("error", upload_failed, false);
-    req.addEventListener ("abort", upload_failed, false);
+    req.addEventListener ("error", pop_failure, false);
+    req.addEventListener ("abort", pop_failure, false);
    req.onreadystatechange = function ()
    {
        if (req.readyState == 4 && req.status == 200)
        {
            var res = req.responseText;
            if (res == "Error")
+            {
+                pop_failure ();
                return;
+            }
            res = res.split ("\n");
            if (async_global_time != 'none')
            {
--- a/lib/functions.php
+++ b/lib/functions.php
@ -841,10 +841,11 @@ jirafeau_async_init ($filename, $type, $one_time, $key, $time, $ip)
  * @param $ref asynchronous upload reference
  * @param $file piece of data
  * @param $code client code for this operation
+  * @param $max_file_size maximum allowed file size
  * @return  a string containing a next code to use or the string "Error"
  */
 function
-jirafeau_async_push ($ref, $data, $code)
+jirafeau_async_push ($ref, $data, $code, $max_file_size)
 {
    /* Get async infos. */
    $a = jirafeau_get_async_ref ($ref);
@ -858,9 +859,21 @@ jirafeau_async_push ($ref, $data, $code)
    
    $p = s2p ($ref);

+    /* File path. */
+    $r_path = $data['tmp_name'];
+    $w_path = VAR_ASYNC . $p . $ref . '_data';
+
+    /* Check that file size is not above upload limit. */
+    if ($max_file_size > 0 &&
+        filesize ($r_path) + filesize ($w_path) > $max_file_size * 1024 * 1024)
+    {
+        jirafeau_async_delete ($ref);
+        return "Error";
+    }
+
    /* Concatenate data. */
-    $r = fopen ($data['tmp_name'], 'r');
-    $w = fopen (VAR_ASYNC . $p . $ref . '_data', 'a');
+    $r = fopen ($r_path, 'r');
+    $w = fopen ($w_path, 'a');
    while (!feof ($r))
    {
        if (fwrite ($w, fread ($r, 1024)) === false)
@ -873,7 +886,7 @@ jirafeau_async_push ($ref, $data, $code)
    }
    fclose ($r);
    fclose ($w);
-    unlink ($data['tmp_name']);
+    unlink ($r_path);
    
    /* Update async file. */
    $code = jirafeau_gen_random (4);
--- a/lib/lang/fr.php
+++ b/lib/lang/fr.php
@ -39,6 +39,8 @@ $tr = array (
             'One year' => 'Une année',
             'None' => 'Aucune',
             'Upload password' => 'Mot de passe',
+             'File is too big' => 'Le fichier est trop volumineux',
+             'File size is limited to' => 'La taille de fichier est limité à',
             'The file directory is not writable' => 'Le dossier \'file\' ne peut être écrit.',
             'The link directory is not writable' => 'Le dossier \'link\' ne peut être écrit.',
             'The async directory is not writable!' => 'Le dossier \'async\' ne peut être écrit.',
@ -143,6 +145,8 @@ $tr = array (
            'This interface permits to script your uploads and downloads.' => 'Cette interface permet de programmer vos envoie et téléversements.',
            'The instructions above show how to query this interface.' => 'Les instructions ci-dessous montrent comment interroger cette interface.',
            'Get server capacity' => 'Récupérer la capacité d\'envoie du serveur',
+            'Maximal allowed size of an uploaded file' => 'Récupérer la taille maximal autorisée d\'un envoie de fichier',
+            'First line returns size (in MB).' => 'La première ligne correspond à la taille exprimée en MB.',
            'Get Jirafeau\'s version' => 'Récupérer la version de Jirafeau',
            'Send a GET query to' => 'Envoyez une requette GET à',
            'Send a POST query to' => 'Envoyez une requette POST à',
--- a/media/courgette/style.css.php
+++ b/media/courgette/style.css.php
@ -239,7 +239,9 @@ input[type="submit"]:focus {

 .message,
 .error {
+  color: #d55548;
  font-style: italic;
+  font-weight: bold;
 }

 /* ==========================================================================
--- a/script.php
+++ b/script.php
@ -82,6 +82,19 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
    echo '<p>';
    echo t('Example') . ": <a href=\"" . $web_root . "script.php?get_capacity=1\">" . $web_root . "script.php?get_capacity=1</a> ";
    echo '</p>';
+
+    echo '<h3>' . t('Maximal allowed size of an uploaded file') . ':</h3>';
+    echo '<p>';
+    echo t('Send a GET query to') . ': <i>' . $web_root . 'script.php</i><br />';
+    echo '<br />';
+    echo t('Parameters') . ':<br />';
+    echo "<b>get_maximal_upload_size=</b>1<i> (" . t('Required') . ")</i> <br />";
+    echo '</p>';
+    echo '<p>' . t('This will return brut text content.') . ' ' .
+            t('First line returns size (in MB).') . '<br /></p>';
+    echo '<p>';
+    echo t('Example') . ": <a href=\"" . $web_root . "script.php?get_maximal_upload_size=1\">" . $web_root . "script.php?get_maximal_upload_size=1</a> ";
+    echo '</p>';
    
    echo '<h3>' . t('Upload a file') . ':</h3>';
    echo '<p>';
@ -248,6 +261,15 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)
                $time = JIRAFEAU_INFINITY;
                break;
        }
+
+    // Check file size
+    if ($cfg['maximal_upload_size'] > 0 &&
+        $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024)
+    {
+        echo "Error";
+        exit;
+    }
+
    $res = jirafeau_upload ($_FILES['file'],
                            isset ($_POST['one_time_download']),
                            $key, $time, $_SERVER['REMOTE_ADDR'],
@ -336,6 +358,10 @@ elseif (isset ($_GET['get_capacity']))
    echo min (jirafeau_ini_to_bytes (ini_get ('post_max_size')),
              jirafeau_ini_to_bytes (ini_get ('upload_max_filesize')));
 }
+elseif (isset ($_GET['get_maximal_upload_size']))
+{
+    echo $cfg['maximal_upload_size'];
+}
 elseif (isset ($_GET['get_version']))
 {
    echo JIRAFEAU_VERSION;
@ -547,7 +573,12 @@ elseif (isset ($_GET['push_async']))
        || (!isset ($_POST['code'])))
        echo "Error";
    else
-        echo jirafeau_async_push ($_POST['ref'], $_FILES['data'], $_POST['code']);                                      
+    {
+        echo jirafeau_async_push ($_POST['ref'],
+                                  $_FILES['data'],
+                                  $_POST['code'],
+                                  $cfg['maximal_upload_size']);
+    }
 }
 /* Finalize an asynchronous upload. */
 elseif (isset ($_GET['end_async']))