bug 1747 fixed: some checks were added to verify the upload will fail for a

too big size or if the upload has failed for a too big size (test on
upload_max_filesize and post_max_size)


git-svn-id: http://piwigo.org/svn/branches/2.1@6624 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall 2010-06-29 18:39:48 +00:00
parent 5fa07ff968
commit 18c6018b24
6 changed files with 238 additions and 20 deletions


@ -299,4 +299,82 @@ function is_valid_image_extension($extension)
{
return in_array(strtolower($extension), array('jpg', 'jpeg', 'png'));
}
function file_upload_error_message($error_code)
{
switch ($error_code) {
case UPLOAD_ERR_INI_SIZE:
return sprintf(
l10n('The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'),
get_ini_size('upload_max_filesize', false)
);
case UPLOAD_ERR_FORM_SIZE:
return l10n('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
case UPLOAD_ERR_PARTIAL:
return l10n('The uploaded file was only partially uploaded');
case UPLOAD_ERR_NO_FILE:
return l10n('No file was uploaded');
case UPLOAD_ERR_NO_TMP_DIR:
return l10n('Missing a temporary folder');
case UPLOAD_ERR_CANT_WRITE:
return l10n('Failed to write file to disk');
case UPLOAD_ERR_EXTENSION:
return l10n('File upload stopped by extension');
default:
return l10n('Unknown upload error');
}
}
function get_ini_size($ini_key, $in_bytes=true)
{
$size = ini_get($ini_key);
if ($in_bytes)
{
$size = convert_shortand_notation_to_bytes($size);
}
return $size;
}
function convert_shortand_notation_to_bytes($value)
{
$suffix = substr($value, -1);
$multiply_by = null;
if ('K' == $suffix)
{
$multiply_by = 1024;
}
else if ('M' == $suffix)
{
$multiply_by = 1024*1024;
}
else if ('G' == $suffix)
{
$multiply_by = 1024*1024*1024;
}
if (isset($multiply_by))
{
$value = substr($value, 0, -1);
$value*= $multiply_by;
}
return $value;
}
function add_upload_error($upload_id, $error_message)
{
if (!isset($_SESSION['uploads_error']))
{
$_SESSION['uploads_error'] = array();
}
if (!isset($_SESSION['uploads_error'][$upload_id]))
{
$_SESSION['uploads_error'][$upload_id] = array();
}
array_push($_SESSION['uploads_error'][$upload_id], $error_message);
}
?>
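Review bot: `convert_shortand_notation_to_bytes()` only recognises the upper-case suffixes `K`, `M` and `G`, while PHP also accepts the lower-case forms in php.ini, so a setting such as `2m` is returned unchanged as a string. That value then feeds the `>` comparison and the `min()` call in the upload form script and is emitted unquoted into the template as `var sizeLimit = {$upload_max_filesize};`, so the browser-side limit can be wrong or the script can fail to parse. Normalising the suffix first, `$suffix = strtoupper(substr($value, -1));`, covers this. A `post_max_size` of `0`, which php.ini documents as disabling the limit, also deserves a special case before it reaches `min()`, otherwise the client-side limit becomes zero.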


@ -11,13 +11,35 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
check_pwg_token();
ob_start();
echo '$_FILES'."\n";
print_r($_FILES);
echo '$_POST'."\n";
print_r($_POST);
echo '$user'."\n";
print_r($user);
$tmp = ob_get_contents();
ob_end_clean();
// error_log($tmp, 3, "/tmp/php-".date('YmdHis').'-'.sprintf('%020u', rand()).".log");
if ($_FILES['Filedata']['error'] !== UPLOAD_ERR_OK)
{
$error_message = file_upload_error_message($_FILES['Filedata']['error']);
add_upload_error(
$_POST['upload_id'],
sprintf(
l10n('Error on file "%s" : %s'),
$_FILES['Filedata']['name'],
$error_message
)
);
echo "File Size Error";
exit();
}
ob_start();
$image_id = add_uploaded_file(
$_FILES['Filedata']['tmp_name'],
$_FILES['Filedata']['name'],
@ -40,5 +62,12 @@ array_push(
$image_id
);
$output = ob_get_contents();
ob_end_clean();
if (!empty($output))
{
add_upload_error($_POST['upload_id'], $output);
}
echo "1";
?>
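Review bot: The client-supplied `$_FILES['Filedata']['name']` is formatted into the error string and stored in `$_SESSION['uploads_error']` without escaping, and the form script later pushes that string onto `$page['errors']`. Unless the template escapes error entries (not visible on this page), markup in a file name would be rendered in the administration page; building the message with `htmlspecialchars($_FILES['Filedata']['name'], ENT_QUOTES, 'UTF-8')` keeps it as text. The `sprintf()` that uses `$_FILES['image_upload']['name'][$idx]` in the HTML-form branch has the same property. Separately, the new check reads `$_FILES['Filedata']['error']` and `$_POST['upload_id']` without `isset()`, which is exactly the empty-superglobals case that the post_max_size comment in the form script describes.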


@ -62,15 +62,33 @@ DELETE FROM '.CADDIE_TABLE.'
// | process form |
// +-----------------------------------------------------------------------+
if (isset($_POST['submit_upload']))
if (isset($_GET['processed']))
{
// echo '<pre>POST'."\n"; print_r($_POST); echo '</pre>';
// echo '<pre>FILES'."\n"; print_r($_FILES); echo '</pre>';
// echo '<pre>SESSION'."\n"; print_r($_SESSION); echo '</pre>';
// exit();
// sometimes, you have submitted the form but you have nothing in $_POST
// and $_FILES. This may happen when you have an HTML upload and you
// exceeded the post_max_size (but not the upload_max_size)
if (!isset($_POST['submit_upload']))
{
array_push(
$page['errors'],
sprintf(
l10n('The uploaded files exceed the post_max_size directive in php.ini: %sB'),
ini_get('post_max_size')
)
);
}
$category_id = null;
if ('existing' == $_POST['category_type'])
if (!isset($_POST['category_type']))
{
// nothing to do, we certainly have the post_max_size issue
}
elseif ('existing' == $_POST['category_type'])
{
$category_id = $_POST['category'];
}
@ -193,6 +211,19 @@ if (isset($_POST['submit_upload']))
// TODO: if $image_id is not an integer, something went wrong
}
}
else
{
$error_message = file_upload_error_message($error);
array_push(
$page['errors'],
sprintf(
l10n('Error on file "%s" : %s'),
$_FILES['image_upload']['name'][$idx],
$error_message
)
);
}
}
$endtime = get_moment();
@ -204,21 +235,32 @@ if (isset($_POST['submit_upload']))
if (isset($_POST['upload_id']))
{
// we're on a multiple upload, with uploadify and so on
$image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ];
if (isset($_SESSION['uploads_error'][ $_POST['upload_id'] ]))
{
foreach ($_SESSION['uploads_error'][ $_POST['upload_id'] ] as $error)
{
array_push($page['errors'], $error);
}
}
associate_images_to_categories(
$image_ids,
array($category_id)
);
if (isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
{
$image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ];
$query = '
associate_images_to_categories(
$image_ids,
array($category_id)
);
$query = '
UPDATE '.IMAGES_TABLE.'
SET level = '.$_POST['level'].'
WHERE id IN ('.implode(', ', $image_ids).')
;';
pwg_query($query);
pwg_query($query);
invalidate_user_cache();
invalidate_user_cache();
}
}
$page['thumbnails'] = array();
@ -325,6 +367,10 @@ $template->assign(
array(
'F_ADD_ACTION'=> PHOTOS_ADD_BASE_URL,
'uploadify_path' => $uploadify_path,
'upload_max_filesize' => min(
get_ini_size('upload_max_filesize'),
get_ini_size('post_max_size')
),
)
);
@ -345,10 +391,12 @@ $upload_switch = $upload_modes[ ($upload_mode_index + 1) % 2 ];
$template->assign(
array(
'upload_mode' => $upload_mode,
'form_action' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_mode.'&amp;processed=1',
'switch_url' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_switch,
'upload_id' => md5(rand()),
'session_id' => session_id(),
'pwg_token' => get_pwg_token(),
'another_upload_link' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_mode,
)
);
@ -464,6 +512,18 @@ if ($conf['use_exif'] and !function_exists('read_exif_data'))
);
}
if (get_ini_size('upload_max_filesize') > get_ini_size('post_max_size'))
{
array_push(
$setup_warnings,
sprintf(
l10n('In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'),
get_ini_size('upload_max_filesize', false),
get_ini_size('post_max_size', false)
)
);
}
$template->assign(
array(
'setup_errors'=> $setup_errors,
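Review bot: The `UPDATE` that this change moves inside the new `isset($_SESSION['uploads'][ $_POST['upload_id'] ])` guard still concatenates `$_POST['level']` directly into the SQL text, so the request body controls part of the statement. Since the block is being re-indented anyway, the value should be forced to an integer, or checked against the configured privacy levels, before use, e.g. `SET level = '.intval($_POST['level']).'`. The ids joined by `implode(', ', $image_ids)` come from the session and are presumably integers written by the upload script, which is worth asserting at the same place. The enclosing `if (isset($_GET['processed']))` block continues outside the visible hunks.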


@ -49,6 +49,26 @@ jQuery(document).ready(function(){
}
function humanReadableFileSize(bytes) {
var byteSize = Math.round(bytes / 1024 * 100) * .01;
var suffix = 'KB';
if (byteSize > 1000) {
byteSize = Math.round(byteSize *.001 * 100) * .01;
suffix = 'MB';
}
var sizeParts = byteSize.toString().split('.');
if (sizeParts.length > 1) {
byteSize = sizeParts[0] + '.' + sizeParts[1].substr(0,2);
}
else {
byteSize = sizeParts[0];
}
return byteSize+suffix;
}
if ($("select[name=category] option").length == 0) {
$('input[name=category_type][value=existing]').attr('disabled', true);
$('input[name=category_type]').attr('checked', false);
@ -90,6 +110,7 @@ var upload_id = '{$upload_id}';
var session_id = '{$session_id}';
var pwg_token = '{$pwg_token}';
var buttonText = 'Browse';
var sizeLimit = {$upload_max_filesize};
{literal}
jQuery("#uploadify").uploadify({
@ -108,6 +129,7 @@ var buttonText = 'Browse';
'multi' : true,
'fileDesc' : 'Photo files (*.jpg,*.jpeg,*.png)',
'fileExt' : '*.jpg;*.JPG;*.jpeg;*.JPEG;*.png;*.PNG',
'sizeLimit' : sizeLimit,
'onAllComplete' : function(event, data) {
if (data.errors) {
return false;
@ -118,18 +140,23 @@ var buttonText = 'Browse';
},
onError: function (event, queueID ,fileObj, errorObj) {
var msg;
if (errorObj.status == 404) {
alert('Could not find upload script.');
msg = 'Could not find upload script.';
}
else if (errorObj.type === "HTTP") {
msg = errorObj.type+": "+errorObj.status;
if (errorObj.type === "HTTP") {
if (errorObj.info === 404) {
alert('Could not find upload script.');
msg = 'Could not find upload script.';
}
else {
msg = errorObj.type+": "+errorObj.info;
}
}
else if (errorObj.type ==="File Size") {
msg = fileObj.name+'<br>'+errorObj.type+' Limit: '+Math.round(errorObj.sizeLimit/1024)+'KB';
msg = "File too big";
msg = msg + '<br>'+fileObj.name+': '+humanReadableFileSize(fileObj.size);
msg = msg + '<br>Limit: '+humanReadableFileSize(sizeLimit);
}
else {
msg = errorObj.type+": "+errorObj.text;
msg = errorObj.type+": "+errorObj.info;
}
$.jGrowl(
@ -239,7 +266,7 @@ var buttonText = 'Browse';
</div>
<p id="batchLink"><a href="{$batch_link}">{$batch_label}</a></p>
</fieldset>
<p><a href="">{'Add another set of photos'|@translate}</a></p>
<p><a href="{$another_upload_link}">{'Add another set of photos'|@translate}</a></p>
{else}
<div id="formErrors" class="errors" style="display:none">
@ -250,7 +277,7 @@ var buttonText = 'Browse';
<div class="hideButton" style="text-align:center"><a href="#" id="hideErrors">{'Hide'|@translate}</a></div>
</div>
<form id="uploadForm" enctype="multipart/form-data" method="post" action="{$F_ACTION}" class="properties">
<form id="uploadForm" enctype="multipart/form-data" method="post" action="{$form_action}" class="properties">
<fieldset>
<legend>{'Drop into category'|@translate}</legend>
{if $upload_mode eq 'multiple'}
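Review bot: In the rewritten "File Size" branch of `onError`, `fileObj.name` is concatenated into `msg` next to literal `<br>` markup, which suggests the notification is rendered as HTML, so a file name containing markup would be interpreted rather than displayed. Escaping the name before concatenation, e.g. `var safeName = $('<div/>').text(fileObj.name).html();`, keeps it as text. The `sizeLimit` option passed to uploadify is only a convenience check in the browser; the server-side `UPLOAD_ERR_*` handling added elsewhere in this commit remains the check that counts. `humanReadableFileSize()` would benefit from a one-line comment, because it divides by 1024 to get KB but switches to MB above 1000 and the mixed bases look accidental.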


@ -758,4 +758,16 @@ $lang['Add another set of photos'] = 'Add another set of photos';
$lang['Order of menubar items has been updated successfully.'] = 'Order of menubar items has been updated successfully.';
$lang['This theme was not designed to be directly activated'] = 'This theme was not designed to be directly activated';
$lang['Pending Comments'] = 'Pending Comments';
$lang['In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'] = 'In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting';
$lang['Exif extension not available, admin should disable exif use'] = 'Exif extension not available, admin should disable exif use';
$lang['The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'] = 'The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB';
$lang['The uploaded files exceed the post_max_size directive in php.ini: %sB'] = 'The uploaded files exceed the post_max_size directive in php.ini: %sB';
$lang['The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'] = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
$lang['The uploaded file was only partially uploaded'] = 'The uploaded file was only partially uploaded';
$lang['No file was uploaded'] = 'No file was uploaded';
$lang['Missing a temporary folder'] = 'Missing a temporary folder';
$lang['Failed to write file to disk'] = 'Failed to write file to disk';
$lang['File upload stopped by extension'] = 'File upload stopped by extension';
$lang['Unknown upload error'] = 'Unknown upload error';
$lang['Error on file "%s" : %s'] = 'Error on file "%s" : %s';
?>


@ -762,4 +762,16 @@ $lang['Add another set of photos'] = 'Ajouter d\'autres photos';
$lang['Order of menubar items has been updated successfully.'] = 'L\'ordre des éléments du menu a été mis à jour avec succès.';
$lang['This theme was not designed to be directly activated'] = 'Ce thème n\'est pas conçu pour être activé directement';
$lang['Pending Comments'] = 'Commentaires en attente';
$lang['In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'] = 'Dans votre fichier php.ini, la variable upload_max_filesize (%sB) est plus grande que post_max_size (%sB), vous devriez modifier ce paramétrage';
$lang['Exif extension not available, admin should disable exif use'] = 'L\'extension Exif n\'est pas disponible, un administrateur devrait désactiver l\'utilisation des métadonnées Exif';
$lang['The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'] = 'Le poids du fichier transféré dépasse la valeur de upload_max_filesize définie dans votre fichier php.ini: %sB';
$lang['The uploaded files exceed the post_max_size directive in php.ini: %sB'] = 'Le poids total des fichiers transférés dépasse la valeur de post_max_size dans votre fichier php.ini: %sB';
$lang['The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'] = 'Le poids du fichier transféré dépasse la valeur de MAX_FILE_SIZE définie dans le formulaire HTML';
$lang['The uploaded file was only partially uploaded'] = 'Le fichier n\é até que partiellement transféré';
$lang['No file was uploaded'] = 'Aucun fichier n\'a été transféré';
$lang['Missing a temporary folder'] = 'Impossible de trouver le répertoire temporaire';
$lang['Failed to write file to disk'] = 'Échec à l\'écriture du fichier sur le serveur';
$lang['File upload stopped by extension'] = 'Le transfert du fichier a été arrêté par une extension';
$lang['Unknown upload error'] = 'Erreur inconnue survenue lors du transfert';
$lang['Error on file "%s" : %s'] = 'Erreur sur le fichier "%s" : %s';
?>