mirror of
https://github.com/moodle/moodle.git
synced 2025-04-22 17:02:03 +02:00
MDL-33766 files: Improved validation of areamaxbytes
This commit is contained in:
Frederic Massart
parent
380c122fe2
commit
68acd1157e
@ -366,6 +366,7 @@ $string['user:editmessageprofile'] = 'Edit user messaging profile';
|
||||
$string['user:editownmessageprofile'] = 'Edit own user messaging profile';
|
||||
$string['user:editownprofile'] = 'Edit own user profile';
|
||||
$string['user:editprofile'] = 'Edit user profile';
|
||||
$string['user:ignoreuserquota'] = 'Ignore user quota limit';
|
||||
$string['user:loginas'] = 'Login as other users';
|
||||
$string['user:manageblocks'] = 'Manage blocks on user profile of other users';
|
||||
$string['user:manageownblocks'] = 'Manage blocks on own public user profile';
|
||||
|
||||
@ -29,6 +29,11 @@ defined('MOODLE_INTERNAL') || die();
|
||||
*/
|
||||
define('BYTESERVING_BOUNDARY', 's1k2o3d4a5k6s7');
|
||||
|
||||
/**
|
||||
* Unlimited area size constant
|
||||
*/
|
||||
define('FILE_AREA_MAX_BYTES_UNLIMITED', -1);
|
||||
|
||||
require_once("$CFG->libdir/filestorage/file_exceptions.php");
|
||||
require_once("$CFG->libdir/filestorage/file_storage.php");
|
||||
require_once("$CFG->libdir/filestorage/zip_packer.php");
|
||||
@ -484,6 +489,8 @@ function file_get_draft_area_info($draftitemid) {
|
||||
/**
|
||||
* Returns whether a draft area has exceeded/will exceed its size limit.
|
||||
*
|
||||
* Please note that the unlimited value for $areamaxbytes is -1 {@link FILE_AREA_MAX_BYTES_UNLIMITED}, not 0.
|
||||
*
|
||||
* @param int $draftitemid the draft area item id.
|
||||
* @param int $areamaxbytes the maximum size allowed in this draft area.
|
||||
* @param int $newfilesize the size that would be added to the current area.
|
||||
@ -491,7 +498,7 @@ function file_get_draft_area_info($draftitemid) {
|
||||
* @since 2.4
|
||||
*/
|
||||
function file_is_draft_area_limit_reached($draftitemid, $areamaxbytes, $newfilesize = 0) {
|
||||
if ($areamaxbytes != -1) {
|
||||
if ($areamaxbytes != FILE_AREA_MAX_BYTES_UNLIMITED) {
|
||||
$draftinfo = file_get_draft_area_info($draftitemid);
|
||||
if ($draftinfo['filesize'] + $newfilesize > $areamaxbytes) {
|
||||
return true;
|
||||
@ -743,6 +750,9 @@ function file_save_draft_area_files($draftitemid, $contextid, $component, $filea
|
||||
if (!isset($options['maxbytes']) || $options['maxbytes'] == USER_CAN_IGNORE_FILE_SIZE_LIMITS) {
|
||||
$options['maxbytes'] = 0; // unlimited
|
||||
}
|
||||
if (!isset($options['areamaxbytes'])) {
|
||||
$options['areamaxbytes'] = FILE_AREA_MAX_BYTES_UNLIMITED; // Unlimited.
|
||||
}
|
||||
$allowreferences = true;
|
||||
if (isset($options['return_types']) && !($options['return_types'] & FILE_REFERENCE)) {
|
||||
// we assume that if $options['return_types'] is NOT specified, we DO allow references.
|
||||
@ -751,6 +761,13 @@ function file_save_draft_area_files($draftitemid, $contextid, $component, $filea
|
||||
$allowreferences = false;
|
||||
}
|
||||
|
||||
// Check if the draft area has exceeded the authorised limit. This should never happen as validation
|
||||
// should have taken place before, unless the user is doing something nauthly. If so, let's just not save
|
||||
// anything at all in the next area.
|
||||
if (file_is_draft_area_limit_reached($draftitemid, $options['areamaxbytes'])) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$draftfiles = $fs->get_area_files($usercontext->id, 'user', 'draft', $draftitemid, 'id');
|
||||
$oldfiles = $fs->get_area_files($contextid, $component, $filearea, $itemid, 'id');
|
||||
|
||||
|
||||
@ -38,8 +38,8 @@ M.form_dndupload.init = function(Y, options) {
|
||||
acceptedtypes: [],
|
||||
// maximum size of files allowed in this form
|
||||
maxbytes: 0,
|
||||
// maximum combined size of files allowed in this form
|
||||
areamaxbytes: 0,
|
||||
// Maximum combined size of files allowed in this form. {@link FILE_AREA_MAX_BYTES_UNLIMITED}
|
||||
areamaxbytes: -1,
|
||||
// unqiue id of this form field used for html elements
|
||||
clientid: '',
|
||||
// upload repository id, used for upload
|
||||
@ -545,6 +545,7 @@ M.form_dndupload.init = function(Y, options) {
|
||||
return false;
|
||||
}
|
||||
// The new file will cause the area to reach its limit, we cancel the upload of all files.
|
||||
// -1 is the value defined by FILE_AREA_MAX_BYTES_UNLIMITED.
|
||||
if (this.options.areamaxbytes > -1) {
|
||||
var sizereached = this.currentareasize + this.queuesize + file.size;
|
||||
if (sizereached > this.options.areamaxbytes) {
|
||||
|
||||
@ -51,8 +51,9 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
public $_type = 'editor';
|
||||
|
||||
/** @var array options provided to initalize filepicker */
|
||||
protected $_options = array('subdirs'=>0, 'maxbytes'=>0, 'maxfiles'=>0, 'changeformat'=>0,
|
||||
'context'=>null, 'noclean'=>0, 'trusttext'=>0, 'return_types'=>7);
|
||||
protected $_options = array('subdirs' => 0, 'maxbytes' => 0, 'maxfiles' => 0, 'changeformat' => 0,
|
||||
'areamaxbytes' => FILE_AREA_MAX_BYTES_UNLIMITED, 'context' => null, 'noclean' => 0, 'trusttext' => 0,
|
||||
'return_types' => 7);
|
||||
// $_options['return_types'] = FILE_INTERNAL | FILE_EXTERNAL | FILE_REFERENCE
|
||||
|
||||
/** @var array values for editor */
|
||||
@ -153,6 +154,24 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
$this->_options['maxbytes'] = get_max_upload_file_size($CFG->maxbytes, $maxbytes);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the maximum size of the area.
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
function getAreamaxbytes() {
|
||||
return $this->_options['areamaxbytes'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the maximum size of the area.
|
||||
*
|
||||
* @param int $areamaxbytes size limit
|
||||
*/
|
||||
function setAreamaxbytes($areamaxbytes) {
|
||||
$this->_options['areamaxbytes'] = $areamaxbytes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns maximum number of files which can be uploaded
|
||||
*
|
||||
@ -274,6 +293,7 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
|
||||
$subdirs = $this->_options['subdirs'];
|
||||
$maxbytes = $this->_options['maxbytes'];
|
||||
$areamaxbytes = $this->_options['areamaxbytes'];
|
||||
$maxfiles = $this->_options['maxfiles'];
|
||||
$changeformat = $this->_options['changeformat']; // TO DO: implement as ajax calls
|
||||
|
||||
@ -318,6 +338,7 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
$image_options->context = $ctx;
|
||||
$image_options->client_id = uniqid();
|
||||
$image_options->maxbytes = $this->_options['maxbytes'];
|
||||
$image_options->areamaxbytes = $this->_options['areamaxbytes'];
|
||||
$image_options->env = 'editor';
|
||||
$image_options->itemid = $draftitemid;
|
||||
|
||||
@ -327,6 +348,7 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
$media_options->context = $ctx;
|
||||
$media_options->client_id = uniqid();
|
||||
$media_options->maxbytes = $this->_options['maxbytes'];
|
||||
$media_options->areamaxbytes = $this->_options['areamaxbytes'];
|
||||
$media_options->env = 'editor';
|
||||
$media_options->itemid = $draftitemid;
|
||||
|
||||
@ -336,6 +358,7 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
$link_options->context = $ctx;
|
||||
$link_options->client_id = uniqid();
|
||||
$link_options->maxbytes = $this->_options['maxbytes'];
|
||||
$link_options->areamaxbytes = $this->_options['areamaxbytes'];
|
||||
$link_options->env = 'editor';
|
||||
$link_options->itemid = $draftitemid;
|
||||
|
||||
@ -389,6 +412,7 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
|
||||
'itemid'=>$draftitemid,
|
||||
'subdirs'=>$subdirs,
|
||||
'maxbytes'=>$maxbytes,
|
||||
'areamaxbytes' => $areamaxbytes,
|
||||
'maxfiles'=>$maxfiles,
|
||||
'ctx_id'=>$ctx->id,
|
||||
'course'=>$PAGE->course->id,
|
||||
|
||||
@ -48,7 +48,8 @@ class MoodleQuickForm_filemanager extends HTML_QuickForm_element {
|
||||
// PHP doesn't support 'key' => $value1 | $value2 in class definition
|
||||
// We cannot do $_options = array('return_types'=> FILE_INTERNAL | FILE_REFERENCE);
|
||||
// So I have to set null here, and do it in constructor
|
||||
protected $_options = array('mainfile'=>'', 'subdirs'=>1, 'maxbytes'=>-1, 'maxfiles'=>-1, 'accepted_types'=>'*', 'return_types'=> null, 'areamaxbytes' => -1);
|
||||
protected $_options = array('mainfile' => '', 'subdirs' => 1, 'maxbytes' => -1, 'maxfiles' => -1,
|
||||
'accepted_types' => '*', 'return_types' => null, 'areamaxbytes' => FILE_AREA_MAX_BYTES_UNLIMITED);
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
@ -290,6 +291,7 @@ class form_filemanager implements renderable {
|
||||
* @param stdClass $options options for filemanager
|
||||
* default options are:
|
||||
* maxbytes=>-1,
|
||||
* areamaxbytes => FILE_AREA_MAX_BYTES_UNLIMITED,
|
||||
* maxfiles=>-1,
|
||||
* itemid=>0,
|
||||
* subdirs=>false,
|
||||
@ -306,6 +308,7 @@ class form_filemanager implements renderable {
|
||||
require_once($CFG->dirroot. '/repository/lib.php');
|
||||
$defaults = array(
|
||||
'maxbytes'=>-1,
|
||||
'areamaxbytes' => FILE_AREA_MAX_BYTES_UNLIMITED,
|
||||
'maxfiles'=>-1,
|
||||
'itemid'=>0,
|
||||
'subdirs'=>0,
|
||||
@ -381,6 +384,7 @@ class form_filemanager implements renderable {
|
||||
'itemid'=>$this->options->itemid,
|
||||
'subdirs'=>$this->options->subdirs,
|
||||
'maxbytes'=>$this->options->maxbytes,
|
||||
'areamaxbytes' => $this->options->areamaxbytes,
|
||||
'maxfiles'=>$this->options->maxfiles,
|
||||
'ctx_id'=>$PAGE->context->id, // TODO ?
|
||||
'course'=>$PAGE->course->id, // TODO ?
|
||||
|
||||
@ -55,6 +55,7 @@ $targetpath = optional_param('targetpath', '', PARAM_PATH);
|
||||
$maxfiles = optional_param('maxfiles', -1, PARAM_INT); // maxfiles
|
||||
$maxbytes = optional_param('maxbytes', 0, PARAM_INT); // maxbytes
|
||||
$subdirs = optional_param('subdirs', 0, PARAM_INT); // maxbytes
|
||||
$areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); // Area maxbytes.
|
||||
|
||||
// draft area
|
||||
$newdirname = optional_param('newdirname', '', PARAM_FILE);
|
||||
@ -70,7 +71,7 @@ $PAGE->set_context($user_context);
|
||||
|
||||
$fs = get_file_storage();
|
||||
|
||||
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
|
||||
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
|
||||
$PAGE->set_url('/repository/draftfiles_manager.php', $params);
|
||||
$filepicker_url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", $params);
|
||||
|
||||
|
||||
@ -544,6 +544,7 @@ M.core_filepicker.init = function(Y, options) {
|
||||
params['client_id'] = args.client_id;
|
||||
params['itemid'] = this.options.itemid?this.options.itemid:0;
|
||||
params['maxbytes'] = this.options.maxbytes?this.options.maxbytes:-1;
|
||||
// The unlimited value of areamaxbytes is -1, it is defined by FILE_AREA_MAX_BYTES_UNLIMITED.
|
||||
params['areamaxbytes'] = this.options.areamaxbytes ? this.options.areamaxbytes : -1;
|
||||
if (this.options.context && this.options.context.id) {
|
||||
params['ctx_id'] = this.options.context.id;
|
||||
|
||||
@ -59,6 +59,7 @@ $search_text = optional_param('s', '', PARAM_CLEANHTML);
|
||||
$maxfiles = optional_param('maxfiles', -1, PARAM_INT); // maxfiles
|
||||
$maxbytes = optional_param('maxbytes', 0, PARAM_INT); // maxbytes
|
||||
$subdirs = optional_param('subdirs', 0, PARAM_INT); // maxbytes
|
||||
$areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); // Area maxbytes.
|
||||
$accepted_types = optional_param_array('accepted_types', '*', PARAM_RAW);
|
||||
|
||||
// the path to save files
|
||||
@ -93,7 +94,7 @@ $context = context::instance_by_id($contextid);
|
||||
// Make sure maxbytes passed is within site filesize limits.
|
||||
$maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $course->maxbytes, $maxbytes);
|
||||
|
||||
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
|
||||
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
|
||||
$params['action'] = 'browse';
|
||||
$params['draftpath'] = $draftpath;
|
||||
$home_url = new moodle_url('/repository/draftfiles_manager.php', $params);
|
||||
@ -318,7 +319,7 @@ case 'download':
|
||||
$record->sortorder = 0;
|
||||
|
||||
if ($repo->has_moodle_files()) {
|
||||
$fileinfo = $repo->copy_to_area($reference, $record, $maxbytes);
|
||||
$fileinfo = $repo->copy_to_area($reference, $record, $maxbytes, $areamaxbytes);
|
||||
redirect($home_url, get_string('downloadsucc', 'repository'));
|
||||
} else {
|
||||
$thefile = $repo->get_file($reference, $filename);
|
||||
@ -328,6 +329,11 @@ case 'download':
|
||||
unlink($thefile['path']);
|
||||
print_error('maxbytes');
|
||||
}
|
||||
// Ensure the file will not make the area exceed its size limit.
|
||||
if (file_is_draft_area_limit_reached($record->itemid, $areamaxbytes, $filesize)) {
|
||||
unlink($thefile['path']);
|
||||
print_error('maxareabytes');
|
||||
}
|
||||
try {
|
||||
$info = repository::move_to_filepool($thefile['path'], $record);
|
||||
redirect($home_url, get_string('downloadsucc', 'repository'));
|
||||
|
||||
@ -706,9 +706,11 @@ abstract class repository {
|
||||
* attributes of the new file
|
||||
* @param int $maxbytes maximum allowed size of file, -1 if unlimited. If size of file exceeds
|
||||
* the limit, the file_exception is thrown.
|
||||
* @param int $areamaxbytes the maximum size of the area. A file_exception is thrown if the
|
||||
* new file will reach the limit.
|
||||
* @return array The information about the created file
|
||||
*/
|
||||
public function copy_to_area($source, $filerecord, $maxbytes = -1) {
|
||||
public function copy_to_area($source, $filerecord, $maxbytes = -1, $areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED) {
|
||||
global $USER;
|
||||
$fs = get_file_storage();
|
||||
|
||||
@ -732,6 +734,10 @@ abstract class repository {
|
||||
if ($maxbytes != -1 && $stored_file->get_filesize() > $maxbytes) {
|
||||
throw new file_exception('maxbytes');
|
||||
}
|
||||
// Validate the size of the draft area.
|
||||
if (file_is_draft_area_limit_reached($draftitemid, $areamaxbytes, $stored_file->get_filesize())) {
|
||||
throw new file_exception('maxareabytes');
|
||||
}
|
||||
|
||||
if (repository::draftfile_exists($draftitemid, $new_filepath, $new_filename)) {
|
||||
// create new file
|
||||
|
||||
@ -46,7 +46,7 @@ $maxbytes = optional_param('maxbytes', 0, PARAM_INT); // Maxbytes
|
||||
$req_path = optional_param('p', '', PARAM_RAW); // Path
|
||||
$accepted_types = optional_param_array('accepted_types', '*', PARAM_RAW);
|
||||
$saveas_filename = optional_param('title', '', PARAM_FILE); // save as file name
|
||||
$areamaxbytes = optional_param('areamaxbytes', -1, PARAM_INT); // Area max bytes
|
||||
$areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); // Area max bytes.
|
||||
$saveas_path = optional_param('savepath', '/', PARAM_PATH); // save as file path
|
||||
$search_text = optional_param('s', '', PARAM_CLEANHTML);
|
||||
$linkexternal = optional_param('linkexternal', '', PARAM_ALPHA);
|
||||
@ -290,7 +290,7 @@ switch ($action) {
|
||||
|
||||
// If the moodle file is an alias we copy this alias, otherwise we copy the file
|
||||
// {@link repository::copy_to_area()}.
|
||||
$fileinfo = $repo->copy_to_area($reference, $record, $maxbytes);
|
||||
$fileinfo = $repo->copy_to_area($reference, $record, $maxbytes, $areamaxbytes);
|
||||
|
||||
echo json_encode($fileinfo);
|
||||
die;
|
||||
|
||||
@ -57,7 +57,7 @@ class repository_upload extends repository {
|
||||
$itemid = optional_param('itemid', 0, PARAM_INT);
|
||||
$license = optional_param('license', $CFG->sitedefaultlicense, PARAM_TEXT);
|
||||
$author = optional_param('author', '', PARAM_TEXT);
|
||||
$areamaxbytes = optional_param('areamaxbytes', -1, PARAM_INT);
|
||||
$areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT);
|
||||
$overwriteexisting = optional_param('overwrite', false, PARAM_BOOL);
|
||||
|
||||
return $this->process_upload($saveas_filename, $maxbytes, $types, $savepath, $itemid, $license, $author, $overwriteexisting, $areamaxbytes);
|
||||
@ -73,10 +73,11 @@ class repository_upload extends repository {
|
||||
* @param string $license optional the license to use for this file
|
||||
* @param string $author optional the name of the author of this file
|
||||
* @param bool $overwriteexisting optional user has asked to overwrite the existing file
|
||||
* @param int $areamaxbytes maximum size of the file area.
|
||||
* @return object containing details of the file uploaded
|
||||
*/
|
||||
public function process_upload($saveas_filename, $maxbytes, $types = '*', $savepath = '/', $itemid = 0,
|
||||
$license = null, $author = '', $overwriteexisting = false, $areamaxbytes = -1) {
|
||||
$license = null, $author = '', $overwriteexisting = false, $areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED) {
|
||||
global $USER, $CFG;
|
||||
|
||||
if ((is_array($types) and in_array('*', $types)) or $types == '*') {
|
||||
|
||||
@ -53,7 +53,7 @@ $PAGE->set_pagetype('user-files');
|
||||
|
||||
$maxareabytes = $CFG->userquota;
|
||||
if (has_capability('moodle/user:ignoreuserquota', $context)) {
|
||||
$maxareabytes = -1;
|
||||
$maxareabytes = FILE_AREA_MAX_BYTES_UNLIMITED;
|
||||
}
|
||||
|
||||
$data = new stdClass();
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
defined('MOODLE_INTERNAL') || die();
|
||||
|
||||
|
||||
$version = 2012110101.00; // YYYYMMDD = weekly release date of this DEV branch
|
||||
$version = 2012110101.01; // YYYYMMDD = weekly release date of this DEV branch
|
||||
// RR = release increments - 00 in DEV branches
|
||||
// .XX = incremental changes
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user