diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2015-03-28 11:34:11 +0100 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2015-03-28 11:34:11 +0100 |
| commit | d3752ca1e925c3aed46c13f7ea26c8f540db05e0 (patch) | |
| tree | 1a317c52b321ab2734249a71fc13a796a02faf19 | |
| parent | 3f891c2650ce587bc9a3a52b25cac1a9b93f261c (diff) | |
| parent | ab991458ada0ca5b2dae31a04b068711e533abc3 (diff) | |
| download | nextcloud-server-d3752ca1e925c3aed46c13f7ea26c8f540db05e0.tar.gz nextcloud-server-d3752ca1e925c3aed46c13f7ea26c8f540db05e0.zip | |
Merge pull request #15289 from owncloud/min-upload-limit
Require minimum 1 MiB upload limit
| -rw-r--r-- | lib/private/files.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/private/files.php b/lib/private/files.php index e93b98a1891..0f48dca9715 100644 --- a/lib/private/files.php +++ b/lib/private/files.php @@ -52,6 +52,8 @@ class OC_Files { const ZIP_FILES = 2; const ZIP_DIR = 3; + const UPLOAD_MIN_LIMIT_BYTES = 1048576; // 1 MiB + /** * @param string $filename * @param string $name @@ -246,15 +248,17 @@ class OC_Files { * @return bool false on failure, size on success */ static function setUploadLimit($size) { - //don't allow user to break his config -- upper boundary + //don't allow user to break his config if ($size > PHP_INT_MAX) { //max size is always 1 byte lower than computerFileSize returns if ($size > PHP_INT_MAX + 1) return false; $size -= 1; - } else { - $size = OC_Helper::phpFileSize($size); } + if ($size < self::UPLOAD_MIN_LIMIT_BYTES) { + return false; + } + $size = OC_Helper::phpFileSize($size); //don't allow user to break his config -- broken or malicious size input if (intval($size) === 0) { |