summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@owncloud.com>2012-04-13 11:25:38 +0200
committerArthur Schiwon <blizzz@owncloud.com>2012-04-13 11:25:38 +0200
commitb95f561bf29094421b827bb1fcae96122ebf8f4a (patch)
tree765b4cafca1a7c658ff6d6df6f8ca443a3760ce8
parent1bd27891e2d0f62f4ab9588dec9ca12b79e50030 (diff)
downloadnextcloud-server-b95f561bf29094421b827bb1fcae96122ebf8f4a.tar.gz
nextcloud-server-b95f561bf29094421b827bb1fcae96122ebf8f4a.zip
file settings: let people set no more than upper boundary for file uploads, but they should can really go up to the limit
-rw-r--r--files/admin.php1
-rw-r--r--files/templates/admin.php2
-rw-r--r--lib/files.php18
3 files changed, 15 insertions, 6 deletions
diff --git a/files/admin.php b/files/admin.php
index 04ef6a4e828..4ae3ee51236 100644
--- a/files/admin.php
+++ b/files/admin.php
@@ -54,6 +54,7 @@ OC_App::setActiveNavigationEntry( "files_administration" );
$tmpl = new OC_Template( 'files', 'admin' );
$tmpl->assign( 'htaccessWorking', $htaccessWorking );
$tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assign( 'maxPossibleUploadSize', OC_Helper::humanFileSize(PHP_INT_MAX));
$tmpl->assign( 'allowZipDownload', $allowZipDownload);
$tmpl->assign( 'maxZipInputSize', $maxZipInputSize);
return $tmpl->fetchPage(); \ No newline at end of file
diff --git a/files/templates/admin.php b/files/templates/admin.php
index 730f55f2768..9bcc40e9361 100644
--- a/files/templates/admin.php
+++ b/files/templates/admin.php
@@ -4,7 +4,7 @@
<fieldset class="personalblock">
<legend><strong><?php echo $l->t('File handling');?></strong></legend>
<?php if($_['htaccessWorking']):?>
- <label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label><input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/><br/>
+ <label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label><input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/>(<?php echo $l->t('max. possible: '); echo $_['maxPossibleUploadSize'] ?>)<br/>
<?php endif;?>
<input type="checkbox" name="allowZipDownload" id="allowZipDownload" value="1" title="<?php echo $l->t( 'Needed for multi-file and folder downloads.' ); ?>"<?php if ($_['allowZipDownload']) echo ' checked="checked"'; ?> /> <label for="allowZipDownload"><?php echo $l->t( 'Enable ZIP-download' ); ?></label> <br/>
<fieldset class="personalblock">
diff --git a/lib/files.php b/lib/files.php
index 473be51fdd1..051cfd4b81c 100644
--- a/lib/files.php
+++ b/lib/files.php
@@ -317,14 +317,22 @@ class OC_Files {
/**
* set the maximum upload size limit for apache hosts using .htaccess
* @param int size filesisze in bytes
- * @return mixed false on failure, size on success
+ * @return false on failure, size on success
*/
static function setUploadLimit($size){
- $size=OC_Helper::humanFileSize($size);
- $size=substr($size,0,-1);//strip the B
- $size=str_replace(' ','',$size); //remove the space between the size and the postfix
+ //don't allow user to break his config -- upper boundary
+ if($size > PHP_INT_MAX) {
+ //max size is always 1 byte lower than computerFileSize returns
+ if($size > PHP_INT_MAX+1)
+ return false;
+ $size -=1;
+ } else {
+ $size=OC_Helper::humanFileSize($size);
+ $size=substr($size,0,-1);//strip the B
+ $size=str_replace(' ','',$size); //remove the space between the size and the postfix
+ }
- //don't allow user to break his config
+ //don't allow user to break his config -- broken or malicious size input
if(intval($size) == 0) {
return false;
}