mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-17 21:49:15 +01:00
Code Issues Projects Releases Wiki Activity

MDL-54110 repositories: Allow repositories to ignore post_max_size

Browse Source 
Repositories can now override usespost() if they don't upload using POST
requests. This restores the ability of users with
moodle/course:ignorefilesizelimits to upload files of unlimited size
lost in MDL-44626.
This commit is contained in:
Mark Johnson 2016-05-10 15:35:43 +01:00
parent e4b5a062d8
commit 121b67411f
6 changed files with 120 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
lib/moodlelib.php
View File

@ -6236,53 +6236,67 @@ function valid_uploaded_file($newfile) {
/**
* Returns the maximum size for uploading files.
*
* There are seven possible upload limits:
* 1. in Apache using LimitRequestBody (no way of checking or changing this)
* 2. in php.ini for 'upload_max_filesize' (can not be changed inside PHP)
* 3. in .htaccess for 'upload_max_filesize' (can not be changed inside PHP)
* 4. in php.ini for 'post_max_size' (can not be changed inside PHP)
* 5. by the Moodle admin in $CFG->maxbytes
* 6. by the teacher in the current course $course->maxbytes
* 7. by the teacher for the current module, eg $assignment->maxbytes
* There are eight possible upload limits:
* 1. No limit, if the upload isn't using a post request and the user has permission to ignore limits.
* 2. in Apache using LimitRequestBody (no way of checking or changing this)
* 3. in php.ini for 'upload_max_filesize' (can not be changed inside PHP)
* 4. in .htaccess for 'upload_max_filesize' (can not be changed inside PHP)
* 5. in php.ini for 'post_max_size' (can not be changed inside PHP)
* 6. by the Moodle admin in $CFG->maxbytes
* 7. by the teacher in the current course $course->maxbytes
* 8. by the teacher for the current module, eg $assignment->maxbytes
*
* These last two are passed to this function as arguments (in bytes).
* Anything defined as 0 is ignored.
* The smallest of all the non-zero numbers is returned.
*
* The php.ini settings are only used if $usespost is true. This allows repositories that do not use post requests, such as
* repository_filesystem, to copy in files that are larger than post_max_size if the user has permission.
*
* @todo Finish documenting this function
*
* @param int $sitebytes Set maximum size
* @param int $coursebytes Current course $course->maxbytes (in bytes)
* @param int $modulebytes Current module ->maxbytes (in bytes)
* @param bool $usespost Does the upload we're getting the max size for use a post request?
* @return int The maximum size for uploading files.
*/
function get_max_upload_file_size($sitebytes=0, $coursebytes=0, $modulebytes=0) {
function get_max_upload_file_size($sitebytes=0, $coursebytes=0, $modulebytes=0, $usespost = true) {
if (! $filesize = ini_get('upload_max_filesize')) {
$filesize = '5M';
}
$minimumsize = get_real_size($filesize);
$sizes = array();
if ($postsize = ini_get('post_max_size')) {
$postsize = get_real_size($postsize);
if ($postsize < $minimumsize) {
$minimumsize = $postsize;
if ($usespost) {
if (! $filesize = ini_get('upload_max_filesize')) {
$filesize = '5M';
}
$sizes[] = get_real_size($filesize);
if ($postsize = ini_get('post_max_size')) {
$sizes[] = get_real_size($postsize);
}
if ($sitebytes > 0) {
$sizes[] = $sitebytes;
}
} else {
if ($sitebytes != 0) { // It's for possible that $sitebytes == USER_CAN_IGNORE_FILE_SIZE_LIMITS (-1).
$sizes[] = $sitebytes;
}
}
if (($sitebytes > 0) and ($sitebytes < $minimumsize)) {
$minimumsize = $sitebytes;
if ($coursebytes > 0) {
$sizes[] = $coursebytes;
}
if (($coursebytes > 0) and ($coursebytes < $minimumsize)) {
$minimumsize = $coursebytes;
if ($modulebytes > 0) {
$sizes[] = $modulebytes;
}
if (($modulebytes > 0) and ($modulebytes < $minimumsize)) {
$minimumsize = $modulebytes;
if (empty($sizes)) {
throw new coding_exception('You must specify at least one filesize limit.');
}
return $minimumsize;
return min($sizes);
}
/**
@ -6295,9 +6309,11 @@ function get_max_upload_file_size($sitebytes=0, $coursebytes=0, $modulebytes=0)
* @param int $coursebytes Current course $course->maxbytes (in bytes)
* @param int $modulebytes Current module ->maxbytes (in bytes)
* @param stdClass $user The user
* @param bool $usespost Does the upload we're getting the max size for use a post request?
* @return int The maximum size for uploading files.
*/
function get_user_max_upload_file_size($context, $sitebytes = 0, $coursebytes = 0, $modulebytes = 0, $user = null) {
function get_user_max_upload_file_size($context, $sitebytes = 0, $coursebytes = 0, $modulebytes = 0, $user = null,
$usespost = true) {
global $USER;
if (empty($user)) {
@ -6305,10 +6321,10 @@ function get_user_max_upload_file_size($context, $sitebytes = 0, $coursebytes =
}
if (has_capability('moodle/course:ignorefilesizelimits', $context, $user)) {
return get_max_upload_file_size(USER_CAN_IGNORE_FILE_SIZE_LIMITS);
return get_max_upload_file_size(USER_CAN_IGNORE_FILE_SIZE_LIMITS, 0, 0, $usespost);
}
return get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes);
return get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes, $usespost);
}
/**

47
lib/tests/moodlelib_test.php
View File

@ -2216,6 +2216,53 @@ class core_moodlelib_testcase extends advanced_testcase {
$this->assertArrayHasKey(get_max_upload_file_size(), $result);
}
public function test_get_max_upload_file_size() {
// Get the smallest upload limit from ini settings.
$inisize = min(array(get_real_size(ini_get('post_max_size')), get_real_size(ini_get('upload_max_filesize'))));
// The inisize is the smallest.
$sitebytes = $inisize + 10;
$coursebytes = $inisize + 20;
$modulebytes = $inisize + 30;
$this->assertEquals($inisize, get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes));
// Site limit is the smallest.
$sitebytes = $inisize - 30;
$coursebytes = $inisize - 20;
$modulebytes = $inisize - 10;
$this->assertEquals($sitebytes, get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes));
// Course limit is the smallest.
$sitebytes = $inisize - 20;
$coursebytes = $inisize - 30;
$modulebytes = $inisize - 10;
$this->assertEquals($coursebytes, get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes));
// Module limit is the smallest.
$sitebytes = $inisize - 20;
$coursebytes = $inisize - 10;
$modulebytes = $inisize - 30;
$this->assertEquals($modulebytes, get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes));
// The inisize is the smallest, the upload does not use post.
$sitebytes = $inisize + 10;
$coursebytes = $inisize + 20;
$modulebytes = $inisize + 30;
$this->assertEquals($sitebytes, get_max_upload_file_size($sitebytes, $coursebytes, $modulebytes, false));
// The user can ignore file size limits, the upload does use post.
$this->assertEquals($inisize, get_max_upload_file_size(USER_CAN_IGNORE_FILE_SIZE_LIMITS, 0, 0));
// The user can ignore file size limits, the upload not does use post.
$this->assertEquals(USER_CAN_IGNORE_FILE_SIZE_LIMITS,
get_max_upload_file_size(USER_CAN_IGNORE_FILE_SIZE_LIMITS, 0, 0, false));
// If not using post we have to provide at least one other limit.
$this->setExpectedException('coding_exception', 'You must specify at least one filesize limit.');
get_max_upload_file_size(0, 0, 0, false);
}
/**
* Test function password_is_legacy_hash().
*/

6
repository/filepicker.php
View File

@ -77,6 +77,8 @@ if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
}
$PAGE->set_course($course);
$usespost = true;
if ($repo_id) {
// Get repository instance information
$repooptions = array(
@ -87,12 +89,14 @@ if ($repo_id) {
// Check permissions
$repo->check_capability();
$usespost = $repo->uses_post_requests();
}
$context = context::instance_by_id($contextid);
// Make sure maxbytes passed is within site filesize limits.
$maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $course->maxbytes, $maxbytes);
$maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $course->maxbytes, $maxbytes, null, $usespost);
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
$params['action'] = 'browse';

11
repository/filesystem/lib.php
View File

@ -810,6 +810,17 @@ class repository_filesystem extends repository {
public function supports_relative_file() {
return $this->get_option('relativefiles');
}
/**
* Helper funtion to indicate if this repository uses post requests for uploading files.
*
* Files are copied from the filesystem so don't rely on POST requests.
*
* @return bool
*/
public function uses_post_requests() {
return false;
}
}
/**

12
repository/lib.php
View File

@ -2775,6 +2775,18 @@ abstract class repository implements cacheable_object {
public function supports_relative_file() {
return false;
}
/**
* Helper funtion to indicate if this repository uses post requests for uploading files.
*
* If the respository doesn't rely on uploading via POST requests, this can be overridden to return true,
* allowing users with the right permissions to upload files of any size from this repository.
*
* @return bool
*/
public function uses_post_requests() {
return true;
}
}
/**

3
repository/repository_ajax.php
View File

@ -86,7 +86,8 @@ if (!empty($course)) {
$coursemaxbytes = $course->maxbytes;
}
// Make sure maxbytes passed is within site filesize limits.
$maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $coursemaxbytes, $maxbytes);
$maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $coursemaxbytes, $maxbytes,
null, $repo->uses_post_requests());
// Wait as long as it takes for this script to finish
core_php_time_limit::raise();