diff options
author | Robin McCorkell <rmccorkell@karoshi.org.uk> | 2015-03-27 23:43:35 +0000 |
---|---|---|
committer | Robin McCorkell <rmccorkell@karoshi.org.uk> | 2015-03-27 23:43:35 +0000 |
commit | ab991458ada0ca5b2dae31a04b068711e533abc3 (patch) | |
tree | b757c6d688b8c7016273cdc7b6fcf73c17714d67 /lib/private/files.php | |
parent | d55b88c043adcd40c51999a26b47d39cc8e1a183 (diff) | |
download | nextcloud-server-ab991458ada0ca5b2dae31a04b068711e533abc3.tar.gz nextcloud-server-ab991458ada0ca5b2dae31a04b068711e533abc3.zip |
Require minimum 1 MiB upload limit
Diffstat (limited to 'lib/private/files.php')
-rw-r--r-- | lib/private/files.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/private/files.php b/lib/private/files.php index e93b98a1891..0f48dca9715 100644 --- a/lib/private/files.php +++ b/lib/private/files.php @@ -52,6 +52,8 @@ class OC_Files { const ZIP_FILES = 2; const ZIP_DIR = 3; + const UPLOAD_MIN_LIMIT_BYTES = 1048576; // 1 MiB + /** * @param string $filename * @param string $name @@ -246,15 +248,17 @@ class OC_Files { * @return bool false on failure, size on success */ static function setUploadLimit($size) { - //don't allow user to break his config -- upper boundary + //don't allow user to break his config if ($size > PHP_INT_MAX) { //max size is always 1 byte lower than computerFileSize returns if ($size > PHP_INT_MAX + 1) return false; $size -= 1; - } else { - $size = OC_Helper::phpFileSize($size); } + if ($size < self::UPLOAD_MIN_LIMIT_BYTES) { + return false; + } + $size = OC_Helper::phpFileSize($size); //don't allow user to break his config -- broken or malicious size input if (intval($size) === 0) { |