From 18c6018b2429fdb6186a8f8c114547cd4f7131dc Mon Sep 17 00:00:00 2001
From: plegall
Date: Tue, 29 Jun 2010 18:39:48 +0000
Subject: [PATCH] bug 1747 fixed: some checks were added to verify the upload will fail for a too big size or if the upload has failed for a too big size (test on upload_max_filesize and post_max_size)
git-svn-id: http://piwigo.org/svn/branches/2.1@6624 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/functions_upload.inc.php | 78 ++++++++++++++++++
 admin/include/uploadify/uploadify.php | 29 +++++++
 admin/photos_add_direct.php | 80 ++++++++++++++++---
 .../default/template/photos_add_direct.tpl | 47 ++++++++---
 language/en_UK/admin.lang.php | 12 +++
 language/fr_FR/admin.lang.php | 12 +++
 6 files changed, 238 insertions(+), 20 deletions(-)
diff --git a/admin/include/functions_upload.inc.php b/admin/include/functions_upload.inc.php
index d1aed33ca..bfd5d5107 100644
--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@@ -299,4 +299,82 @@ function is_valid_image_extension($extension)
 {
 return in_array(strtolower($extension), array('jpg', 'jpeg', 'png'));
 }
+
+function file_upload_error_message($error_code)
+{
+ switch ($error_code) {
+ case UPLOAD_ERR_INI_SIZE:
+ return sprintf(
+ l10n('The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'),
+ get_ini_size('upload_max_filesize', false)
+ );
+ case UPLOAD_ERR_FORM_SIZE:
+ return l10n('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
+ case UPLOAD_ERR_PARTIAL:
+ return l10n('The uploaded file was only partially uploaded');
+ case UPLOAD_ERR_NO_FILE:
+ return l10n('No file was uploaded');
+ case UPLOAD_ERR_NO_TMP_DIR:
+ return l10n('Missing a temporary folder');
+ case UPLOAD_ERR_CANT_WRITE:
+ return l10n('Failed to write file to disk');
+ case UPLOAD_ERR_EXTENSION:
+ return l10n('File upload stopped by extension');
+ default:
+ return l10n('Unknown upload error');
+ }
+}
+
+function get_ini_size($ini_key, $in_bytes=true)
+{
+ $size = ini_get($ini_key);
+
+ if ($in_bytes)
+ {
+ $size = convert_shortand_notation_to_bytes($size);
+ }
+
+ return $size;
+}
+
+function convert_shortand_notation_to_bytes($value)
+{
+ $suffix = substr($value, -1);
+ $multiply_by = null;
+
+ if ('K' == $suffix)
+ {
+ $multiply_by = 1024;
+ }
+ else if ('M' == $suffix)
+ {
+ $multiply_by = 1024*1024;
+ }
+ else if ('G' == $suffix)
+ {
+ $multiply_by = 1024*1024*1024;
+ }
+
+ if (isset($multiply_by))
+ {
+ $value = substr($value, 0, -1);
+ $value*= $multiply_by;
+ }
+
+ return $value;
+}
+
+function add_upload_error($upload_id, $error_message)
+{
+ if (!isset($_SESSION['uploads_error']))
+ {
+ $_SESSION['uploads_error'] = array();
+ }
+ if (!isset($_SESSION['uploads_error'][$upload_id]))
+ {
+ $_SESSION['uploads_error'][$upload_id] = array();
+ }
+
+ array_push($_SESSION['uploads_error'][$upload_id], $error_message);
+}
 ?>
\ No newline at end of file
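Review bot: `convert_shortand_notation_to_bytes()` recognises only an upper-case `K`, `M` or `G` suffix, while php.ini also accepts the lower-case forms, so a setting such as `8m` comes back unconverted as the string `8m`. That value then feeds the `min()` and `>` comparisons added in admin/photos_add_direct.php and is printed unquoted into `var sizeLimit = {$upload_max_filesize};` in the template, where a non-numeric value breaks the uploader script and with it the client-side size check. Normalising the input first, `$suffix = strtoupper(substr(trim($value), -1));`, keeps the callers numeric for every spelling php.ini allows. The four new functions also carry no doc comments; a one-line comment on `get_ini_size()` saying that `$in_bytes=false` returns the raw ini string would make the two call styles easier to follow.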
diff --git a/admin/include/uploadify/uploadify.php b/admin/include/uploadify/uploadify.php index 44db5a15b..8b3f49bb5 100644 --- a/admin/include/uploadify/uploadify.php +++ b/admin/include/uploadify/uploadify.php @@ -11,13 +11,35 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); check_pwg_token(); ob_start(); +echo '$_FILES'."\n"; print_r($_FILES); +echo '$_POST'."\n"; print_r($_POST); +echo '$user'."\n"; print_r($user); $tmp = ob_get_contents(); ob_end_clean(); // error_log($tmp, 3, "/tmp/php-".date('YmdHis').'-'.sprintf('%020u', rand()).".log"); +if ($_FILES['Filedata']['error'] !== UPLOAD_ERR_OK) +{ + $error_message = file_upload_error_message($_FILES['Filedata']['error']); + + add_upload_error( + $_POST['upload_id'], + sprintf( + l10n('Error on file "%s" : %s'), + $_FILES['Filedata']['name'], + $error_message + ) + ); + + echo "File Size Error"; + exit(); +} + +ob_start(); + $image_id = add_uploaded_file( $_FILES['Filedata']['tmp_name'], $_FILES['Filedata']['name'], @@ -40,5 +62,12 @@ array_push( $image_id ); +$output = ob_get_contents(); +ob_end_clean(); +if (!empty($output)) +{ + add_upload_error($_POST['upload_id'], $output); +} + echo "1"; ?> \ No newline at end of file diff --git a/admin/photos_add_direct.php b/admin/photos_add_direct.php index 6a7aea884..1026abd17 100644 --- a/admin/photos_add_direct.php +++ b/admin/photos_add_direct.php @@ -62,15 +62,33 @@ DELETE FROM '.CADDIE_TABLE.' // | process form | // +-----------------------------------------------------------------------+ -if (isset($_POST['submit_upload'])) +if (isset($_GET['processed'])) { // echo '
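Review bot: The client-supplied `$_FILES['Filedata']['name']` is interpolated into the error message and stored in `$_SESSION['uploads_error']` without escaping, and the second uploadify.php hunk (`@@ -40,5 +62,12 @@`) stores whatever output was captured around `add_uploaded_file()` the same way; the `@@ -193,6 +211,19 @@` hunk in admin/photos_add_direct.php does it with `$_FILES['image_upload']['name'][$idx]`. These strings end up in `$page['errors']`, and whether the template escapes them is not visible here, so if they are printed raw a crafted file name would be rendered as markup in the admin page. Escaping where the message is built, e.g. `htmlspecialchars($_FILES['Filedata']['name'])`, removes the dependency on the template. Separately, `$_FILES['Filedata']` is read without an `isset()` check, which raises a notice when the request arrived with an empty `$_FILES`, and the added `print_r($user)` puts whatever `$user` holds into `$tmp`, which would be written under /tmp if the commented-out `error_log()` line were re-enabled.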
POST'."\n"; print_r($_POST); echo '
'; // echo '
FILES'."\n"; print_r($_FILES); echo '
'; // echo '
SESSION'."\n"; print_r($_SESSION); echo '
'; // exit(); + + // sometimes, you have submitted the form but you have nothing in $_POST + // and $_FILES. This may happen when you have an HTML upload and you + // exceeded the post_max_size (but not the upload_max_size) + if (!isset($_POST['submit_upload'])) + { + array_push( + $page['errors'], + sprintf( + l10n('The uploaded files exceed the post_max_size directive in php.ini: %sB'), + ini_get('post_max_size') + ) + ); + } $category_id = null; - if ('existing' == $_POST['category_type']) + if (!isset($_POST['category_type'])) + { + // nothing to do, we certainly have the post_max_size issue + } + elseif ('existing' == $_POST['category_type']) { $category_id = $_POST['category']; } @@ -193,6 +211,19 @@ if (isset($_POST['submit_upload'])) // TODO: if $image_id is not an integer, something went wrong } } + else + { + $error_message = file_upload_error_message($error); + + array_push( + $page['errors'], + sprintf( + l10n('Error on file "%s" : %s'), + $_FILES['image_upload']['name'][$idx], + $error_message + ) + ); + } } $endtime = get_moment(); @@ -204,21 +235,32 @@ if (isset($_POST['submit_upload'])) if (isset($_POST['upload_id'])) { // we're on a multiple upload, with uploadify and so on - $image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ]; + if (isset($_SESSION['uploads_error'][ $_POST['upload_id'] ])) + { + foreach ($_SESSION['uploads_error'][ $_POST['upload_id'] ] as $error) + { + array_push($page['errors'], $error); + } + } - associate_images_to_categories( - $image_ids, - array($category_id) - ); + if (isset($_SESSION['uploads'][ $_POST['upload_id'] ])) + { + $image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ]; - $query = ' + associate_images_to_categories( + $image_ids, + array($category_id) + ); + + $query = ' UPDATE '.IMAGES_TABLE.' SET level = '.$_POST['level'].' WHERE id IN ('.implode(', ', $image_ids).') ;'; - pwg_query($query); + pwg_query($query); - invalidate_user_cache(); + invalidate_user_cache(); + } } $page['thumbnails'] = array(); 
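Review bot: In the `@@ -62,15 +62,33 @@` hunk the post_max_size failure is inferred from `processed` being present in the URL while `$_POST['submit_upload']` is absent, so opening or reloading a `&processed=1` URL with a plain GET reports an oversized upload that never happened. Testing the request itself is more precise: `if ('POST' == $_SERVER['REQUEST_METHOD'] and empty($_POST) and $_SERVER['CONTENT_LENGTH'] > get_ini_size('post_max_size'))`. The branch also only records the error and then continues through the rest of the processing block, which extends beyond this hunk, so every later read of `$_POST` has to be guarded one by one as was done for `category_type`. Because the block is now entered on a GET parameter, it is worth confirming that the token check still runs before the category and image updates further down; that check is not visible in this hunk.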
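Review bot: In the `@@ -204,21 +235,32 @@` hunk the UPDATE that is now wrapped in the `isset($_SESSION['uploads'][ ... ])` check still concatenates `$_POST['level']` straight into the SQL text, so any value posted in that field becomes part of the statement. No validation of `level` is visible in this hunk; if none exists earlier in the file, cast or whitelist it before building the query, e.g. `SET level = '.intval($_POST['level']).'`. The messages read from `$_SESSION['uploads_error'][ $_POST['upload_id'] ]` are also not removed after being copied into `$page['errors']`, so unless that happens outside the hunk the session grows with every failed batch; an `unset()` after the `foreach` would cover it.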
@@ -325,6 +367,10 @@ $template->assign( array( 'F_ADD_ACTION'=> PHOTOS_ADD_BASE_URL, 'uploadify_path' => $uploadify_path, + 'upload_max_filesize' => min( + get_ini_size('upload_max_filesize'), + get_ini_size('post_max_size') + ), ) ); @@ -345,10 +391,12 @@ $upload_switch = $upload_modes[ ($upload_mode_index + 1) % 2 ]; $template->assign( array( 'upload_mode' => $upload_mode, + 'form_action' => PHOTOS_ADD_BASE_URL.'&upload_mode='.$upload_mode.'&processed=1', 'switch_url' => PHOTOS_ADD_BASE_URL.'&upload_mode='.$upload_switch, 'upload_id' => md5(rand()), 'session_id' => session_id(), 'pwg_token' => get_pwg_token(), + 'another_upload_link' => PHOTOS_ADD_BASE_URL.'&upload_mode='.$upload_mode, ) ); @@ -464,6 +512,18 @@ if ($conf['use_exif'] and !function_exists('read_exif_data')) ); } +if (get_ini_size('upload_max_filesize') > get_ini_size('post_max_size')) +{ + array_push( + $setup_warnings, + sprintf( + l10n('In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'), + get_ini_size('upload_max_filesize', false), + get_ini_size('post_max_size', false) + ) + ); +} + $template->assign( array( 'setup_errors'=> $setup_errors, diff --git a/admin/themes/default/template/photos_add_direct.tpl b/admin/themes/default/template/photos_add_direct.tpl index ff1ada8e2..91d191ecb 100644 --- a/admin/themes/default/template/photos_add_direct.tpl +++ b/admin/themes/default/template/photos_add_direct.tpl 
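Review bot: In the `@@ -325,6 +367,10 @@` hunk, `min(get_ini_size('upload_max_filesize'), get_ini_size('post_max_size'))` treats both settings as plain limits, but PHP documents `post_max_size = 0` as "no limit", and with that configuration the template receives 0 as `upload_max_filesize`. The `>` comparison in the `@@ -464,6 +512,18 @@` hunk has the same blind spot and would show the setup warning on every such install. Handling the zero case first, for example using only `upload_max_filesize` when `get_ini_size('post_max_size')` is 0, keeps the client-side limit meaningful. How the uploader treats a `sizeLimit` of 0 is not visible here, so the practical effect should be checked.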
@@ -49,6 +49,26 @@ jQuery(document).ready(function(){ } + function humanReadableFileSize(bytes) { + var byteSize = Math.round(bytes / 1024 * 100) * .01; + var suffix = 'KB'; + + if (byteSize > 1000) { + byteSize = Math.round(byteSize *.001 * 100) * .01; + suffix = 'MB'; + } + + var sizeParts = byteSize.toString().split('.'); + if (sizeParts.length > 1) { + byteSize = sizeParts[0] + '.' + sizeParts[1].substr(0,2); + } + else { + byteSize = sizeParts[0]; + } + + return byteSize+suffix; + } + if ($("select[name=category] option").length == 0) { $('input[name=category_type][value=existing]').attr('disabled', true); $('input[name=category_type]').attr('checked', false); @@ -90,6 +110,7 @@ var upload_id = '{$upload_id}'; var session_id = '{$session_id}'; var pwg_token = '{$pwg_token}'; var buttonText = 'Browse'; +var sizeLimit = {$upload_max_filesize}; {literal} jQuery("#uploadify").uploadify({ @@ -108,6 +129,7 @@ var buttonText = 'Browse'; 'multi' : true, 'fileDesc' : 'Photo files (*.jpg,*.jpeg,*.png)', 'fileExt' : '*.jpg;*.JPG;*.jpeg;*.JPEG;*.png;*.PNG', + 'sizeLimit' : sizeLimit, 'onAllComplete' : function(event, data) { if (data.errors) { return false; @@ -118,18 +140,23 @@ var buttonText = 'Browse'; }, onError: function (event, queueID ,fileObj, errorObj) { var msg; - if (errorObj.status == 404) { - alert('Could not find upload script.'); - msg = 'Could not find upload script.'; - } - else if (errorObj.type === "HTTP") { - msg = errorObj.type+": "+errorObj.status; + + if (errorObj.type === "HTTP") { + if (errorObj.info === 404) { + alert('Could not find upload script.'); + msg = 'Could not find upload script.'; + } + else { + msg = errorObj.type+": "+errorObj.info; + } } else if (errorObj.type ==="File Size") { - msg = fileObj.name+'
'+errorObj.type+' Limit: '+Math.round(errorObj.sizeLimit/1024)+'KB'; + msg = "File too big"; + msg = msg + '
'+fileObj.name+': '+humanReadableFileSize(fileObj.size); + msg = msg + '
Limit: '+humanReadableFileSize(sizeLimit); } else { - msg = errorObj.type+": "+errorObj.text; + msg = errorObj.type+": "+errorObj.info; } $.jGrowl( @@ -239,7 +266,7 @@ var buttonText = 'Browse'; -

{'Add another set of photos'|@translate}

+

{'Add another set of photos'|@translate}

{else} -
+
{'Drop into category'|@translate} {if $upload_mode eq 'multiple'} diff --git a/language/en_UK/admin.lang.php b/language/en_UK/admin.lang.php index 0bb006327..3796878b8 100644 --- a/language/en_UK/admin.lang.php +++ b/language/en_UK/admin.lang.php 
@@ -758,4 +758,16 @@ $lang['Add another set of photos'] = 'Add another set of photos';
 $lang['Order of menubar items has been updated successfully.'] = 'Order of menubar items has been updated successfully.';
 $lang['This theme was not designed to be directly activated'] = 'This theme was not designed to be directly activated';
 $lang['Pending Comments'] = 'Pending Comments';
+$lang['In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'] = 'In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting';
+$lang['Exif extension not available, admin should disable exif use'] = 'Exif extension not available, admin should disable exif use';
+$lang['The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'] = 'The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB';
+$lang['The uploaded files exceed the post_max_size directive in php.ini: %sB'] = 'The uploaded files exceed the post_max_size directive in php.ini: %sB';
+$lang['The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'] = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
+$lang['The uploaded file was only partially uploaded'] = 'The uploaded file was only partially uploaded';
+$lang['No file was uploaded'] = 'No file was uploaded';
+$lang['Missing a temporary folder'] = 'Missing a temporary folder';
+$lang['Failed to write file to disk'] = 'Failed to write file to disk';
+$lang['File upload stopped by extension'] = 'File upload stopped by extension';
+$lang['Unknown upload error'] = 'Unknown upload error';
+$lang['Error on file "%s" : %s'] = 'Error on file "%s" : %s';
 ?>
\ No newline at end of file
diff --git a/language/fr_FR/admin.lang.php b/language/fr_FR/admin.lang.php
index 5ea001639..d72566eca 100644
--- a/language/fr_FR/admin.lang.php
+++ b/language/fr_FR/admin.lang.php 
@@ -762,4 +762,16 @@ $lang['Add another set of photos'] = 'Ajouter d\'autres photos';
 $lang['Order of menubar items has been updated successfully.'] = 'L\'ordre des éléments du menu a été mis à jour avec succès.';
 $lang['This theme was not designed to be directly activated'] = 'Ce thème n\'est pas conçu pour être activé directement';
 $lang['Pending Comments'] = 'Commentaires en attente';
+$lang['In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'] = 'Dans votre fichier php.ini, la variable upload_max_filesize (%sB) est plus grande que post_max_size (%sB), vous devriez modifier ce paramétrage';
+$lang['Exif extension not available, admin should disable exif use'] = 'L\'extension Exif n\'est pas disponible, un administrateur devrait désactiver l\'utilisation des métadonnées Exif';
+$lang['The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'] = 'Le poids du fichier transféré dépasse la valeur de upload_max_filesize définie dans votre fichier php.ini: %sB';
+$lang['The uploaded files exceed the post_max_size directive in php.ini: %sB'] = 'Le poids total des fichiers transférés dépasse la valeur de post_max_size dans votre fichier php.ini: %sB';
+$lang['The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'] = 'Le poids du fichier transféré dépasse la valeur de MAX_FILE_SIZE définie dans le formulaire HTML';
+$lang['The uploaded file was only partially uploaded'] = 'Le fichier n\é até que partiellement transféré';
+$lang['No file was uploaded'] = 'Aucun fichier n\'a été transféré';
+$lang['Missing a temporary folder'] = 'Impossible de trouver le répertoire temporaire';
+$lang['Failed to write file to disk'] = 'Échec à l\'écriture du fichier sur le serveur';
+$lang['File upload stopped by extension'] = 'Le transfert du fichier a été arrêté par une extension';
+$lang['Unknown upload error'] = 'Erreur inconnue survenue lors du transfert';
+$lang['Error on file "%s" : %s'] = 'Erreur sur le fichier "%s" : %s';
 ?>
\ No newline at end of file