aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2010-06-29 18:39:48 +0000
committerplegall <plg@piwigo.org>2010-06-29 18:39:48 +0000
commit18c6018b2429fdb6186a8f8c114547cd4f7131dc (patch)
treed6576477d38242590870b7ddec92b8dd6706bc3c /admin
parent5fa07ff9681276a5957fe0b53bc6c2fc09042208 (diff)
bug 1747 fixed: some checks were added to verify the upload will fail for a
too big size or if the upload has failed for a too big size (test on upload_max_filesize and post_max_size) git-svn-id: http://piwigo.org/svn/branches/2.1@6624 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/include/functions_upload.inc.php78
-rw-r--r--admin/include/uploadify/uploadify.php29
-rw-r--r--admin/photos_add_direct.php80
-rw-r--r--admin/themes/default/template/photos_add_direct.tpl47
4 files changed, 214 insertions, 20 deletions
diff --git a/admin/include/functions_upload.inc.php b/admin/include/functions_upload.inc.php
index d1aed33ca..bfd5d5107 100644
--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@@ -299,4 +299,82 @@ function is_valid_image_extension($extension)
{
return in_array(strtolower($extension), array('jpg', 'jpeg', 'png'));
}
+
+function file_upload_error_message($error_code)
+{
+ switch ($error_code) {
+ case UPLOAD_ERR_INI_SIZE:
+ return sprintf(
+ l10n('The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'),
+ get_ini_size('upload_max_filesize', false)
+ );
+ case UPLOAD_ERR_FORM_SIZE:
+ return l10n('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
+ case UPLOAD_ERR_PARTIAL:
+ return l10n('The uploaded file was only partially uploaded');
+ case UPLOAD_ERR_NO_FILE:
+ return l10n('No file was uploaded');
+ case UPLOAD_ERR_NO_TMP_DIR:
+ return l10n('Missing a temporary folder');
+ case UPLOAD_ERR_CANT_WRITE:
+ return l10n('Failed to write file to disk');
+ case UPLOAD_ERR_EXTENSION:
+ return l10n('File upload stopped by extension');
+ default:
+ return l10n('Unknown upload error');
+ }
+}
+
+function get_ini_size($ini_key, $in_bytes=true)
+{
+ $size = ini_get($ini_key);
+
+ if ($in_bytes)
+ {
+ $size = convert_shortand_notation_to_bytes($size);
+ }
+
+ return $size;
+}
+
+function convert_shortand_notation_to_bytes($value)
+{
+ $suffix = substr($value, -1);
+ $multiply_by = null;
+
+ if ('K' == $suffix)
+ {
+ $multiply_by = 1024;
+ }
+ else if ('M' == $suffix)
+ {
+ $multiply_by = 1024*1024;
+ }
+ else if ('G' == $suffix)
+ {
+ $multiply_by = 1024*1024*1024;
+ }
+
+ if (isset($multiply_by))
+ {
+ $value = substr($value, 0, -1);
+ $value*= $multiply_by;
+ }
+
+ return $value;
+}
+
+function add_upload_error($upload_id, $error_message)
+{
+ if (!isset($_SESSION['uploads_error']))
+ {
+ $_SESSION['uploads_error'] = array();
+ }
+ if (!isset($_SESSION['uploads_error'][$upload_id]))
+ {
+ $_SESSION['uploads_error'][$upload_id] = array();
+ }
+
+ array_push($_SESSION['uploads_error'][$upload_id], $error_message);
+}
?> \ No newline at end of file
diff --git a/admin/include/uploadify/uploadify.php b/admin/include/uploadify/uploadify.php
index 44db5a15b..8b3f49bb5 100644
--- a/admin/include/uploadify/uploadify.php
+++ b/admin/include/uploadify/uploadify.php
@@ -11,13 +11,35 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
check_pwg_token();
ob_start();
+echo '$_FILES'."\n";
print_r($_FILES);
+echo '$_POST'."\n";
print_r($_POST);
+echo '$user'."\n";
print_r($user);
$tmp = ob_get_contents();
ob_end_clean();
// error_log($tmp, 3, "/tmp/php-".date('YmdHis').'-'.sprintf('%020u', rand()).".log");
+if ($_FILES['Filedata']['error'] !== UPLOAD_ERR_OK)
+{
+ $error_message = file_upload_error_message($_FILES['Filedata']['error']);
+
+ add_upload_error(
+ $_POST['upload_id'],
+ sprintf(
+ l10n('Error on file "%s" : %s'),
+ $_FILES['Filedata']['name'],
+ $error_message
+ )
+ );
+
+ echo "File Size Error";
+ exit();
+}
+
+ob_start();
+
$image_id = add_uploaded_file(
$_FILES['Filedata']['tmp_name'],
$_FILES['Filedata']['name'],
@@ -40,5 +62,12 @@ array_push(
$image_id
);
+$output = ob_get_contents();
+ob_end_clean();
+if (!empty($output))
+{
+ add_upload_error($_POST['upload_id'], $output);
+}
+
echo "1";
?> \ No newline at end of file
diff --git a/admin/photos_add_direct.php b/admin/photos_add_direct.php
index 6a7aea884..1026abd17 100644
--- a/admin/photos_add_direct.php
+++ b/admin/photos_add_direct.php
@@ -62,15 +62,33 @@ DELETE FROM '.CADDIE_TABLE.'
// | process form |
// +-----------------------------------------------------------------------+
-if (isset($_POST['submit_upload']))
+if (isset($_GET['processed']))
{
// echo '<pre>POST'."\n"; print_r($_POST); echo '</pre>';
// echo '<pre>FILES'."\n"; print_r($_FILES); echo '</pre>';
// echo '<pre>SESSION'."\n"; print_r($_SESSION); echo '</pre>';
// exit();
+
+ // sometimes, you have submitted the form but you have nothing in $_POST
+ // and $_FILES. This may happen when you have an HTML upload and you
+ // exceeded the post_max_size (but not the upload_max_size)
+ if (!isset($_POST['submit_upload']))
+ {
+ array_push(
+ $page['errors'],
+ sprintf(
+ l10n('The uploaded files exceed the post_max_size directive in php.ini: %sB'),
+ ini_get('post_max_size')
+ )
+ );
+ }
$category_id = null;
- if ('existing' == $_POST['category_type'])
+ if (!isset($_POST['category_type']))
+ {
+ // nothing to do, we certainly have the post_max_size issue
+ }
+ elseif ('existing' == $_POST['category_type'])
{
$category_id = $_POST['category'];
}
@@ -193,6 +211,19 @@ if (isset($_POST['submit_upload']))
// TODO: if $image_id is not an integer, something went wrong
}
}
+ else
+ {
+ $error_message = file_upload_error_message($error);
+
+ array_push(
+ $page['errors'],
+ sprintf(
+ l10n('Error on file "%s" : %s'),
+ $_FILES['image_upload']['name'][$idx],
+ $error_message
+ )
+ );
+ }
}
$endtime = get_moment();
@@ -204,21 +235,32 @@ if (isset($_POST['submit_upload']))
if (isset($_POST['upload_id']))
{
// we're on a multiple upload, with uploadify and so on
- $image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ];
+ if (isset($_SESSION['uploads_error'][ $_POST['upload_id'] ]))
+ {
+ foreach ($_SESSION['uploads_error'][ $_POST['upload_id'] ] as $error)
+ {
+ array_push($page['errors'], $error);
+ }
+ }
- associate_images_to_categories(
- $image_ids,
- array($category_id)
- );
+ if (isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
+ {
+ $image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ];
- $query = '
+ associate_images_to_categories(
+ $image_ids,
+ array($category_id)
+ );
+
+ $query = '
UPDATE '.IMAGES_TABLE.'
SET level = '.$_POST['level'].'
WHERE id IN ('.implode(', ', $image_ids).')
;';
- pwg_query($query);
+ pwg_query($query);
- invalidate_user_cache();
+ invalidate_user_cache();
+ }
}
$page['thumbnails'] = array();
@@ -325,6 +367,10 @@ $template->assign(
array(
'F_ADD_ACTION'=> PHOTOS_ADD_BASE_URL,
'uploadify_path' => $uploadify_path,
+ 'upload_max_filesize' => min(
+ get_ini_size('upload_max_filesize'),
+ get_ini_size('post_max_size')
+ ),
)
);
@@ -345,10 +391,12 @@ $upload_switch = $upload_modes[ ($upload_mode_index + 1) % 2 ];
$template->assign(
array(
'upload_mode' => $upload_mode,
+ 'form_action' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_mode.'&amp;processed=1',
'switch_url' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_switch,
'upload_id' => md5(rand()),
'session_id' => session_id(),
'pwg_token' => get_pwg_token(),
+ 'another_upload_link' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_mode,
)
);
@@ -464,6 +512,18 @@ if ($conf['use_exif'] and !function_exists('read_exif_data'))
);
}
+if (get_ini_size('upload_max_filesize') > get_ini_size('post_max_size'))
+{
+ array_push(
+ $setup_warnings,
+ sprintf(
+ l10n('In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'),
+ get_ini_size('upload_max_filesize', false),
+ get_ini_size('post_max_size', false)
+ )
+ );
+}
+
$template->assign(
array(
'setup_errors'=> $setup_errors,
diff --git a/admin/themes/default/template/photos_add_direct.tpl b/admin/themes/default/template/photos_add_direct.tpl
index ff1ada8e2..91d191ecb 100644
--- a/admin/themes/default/template/photos_add_direct.tpl
+++ b/admin/themes/default/template/photos_add_direct.tpl
@@ -49,6 +49,26 @@ jQuery(document).ready(function(){
}
+ function humanReadableFileSize(bytes) {
+ var byteSize = Math.round(bytes / 1024 * 100) * .01;
+ var suffix = 'KB';
+
+ if (byteSize > 1000) {
+ byteSize = Math.round(byteSize *.001 * 100) * .01;
+ suffix = 'MB';
+ }
+
+ var sizeParts = byteSize.toString().split('.');
+ if (sizeParts.length > 1) {
+ byteSize = sizeParts[0] + '.' + sizeParts[1].substr(0,2);
+ }
+ else {
+ byteSize = sizeParts[0];
+ }
+
+ return byteSize+suffix;
+ }
+
if ($("select[name=category] option").length == 0) {
$('input[name=category_type][value=existing]').attr('disabled', true);
$('input[name=category_type]').attr('checked', false);
@@ -90,6 +110,7 @@ var upload_id = '{$upload_id}';
var session_id = '{$session_id}';
var pwg_token = '{$pwg_token}';
var buttonText = 'Browse';
+var sizeLimit = {$upload_max_filesize};
{literal}
jQuery("#uploadify").uploadify({
@@ -108,6 +129,7 @@ var buttonText = 'Browse';
'multi' : true,
'fileDesc' : 'Photo files (*.jpg,*.jpeg,*.png)',
'fileExt' : '*.jpg;*.JPG;*.jpeg;*.JPEG;*.png;*.PNG',
+ 'sizeLimit' : sizeLimit,
'onAllComplete' : function(event, data) {
if (data.errors) {
return false;
@@ -118,18 +140,23 @@ var buttonText = 'Browse';
},
onError: function (event, queueID ,fileObj, errorObj) {
var msg;
- if (errorObj.status == 404) {
- alert('Could not find upload script.');
- msg = 'Could not find upload script.';
- }
- else if (errorObj.type === "HTTP") {
- msg = errorObj.type+": "+errorObj.status;
+
+ if (errorObj.type === "HTTP") {
+ if (errorObj.info === 404) {
+ alert('Could not find upload script.');
+ msg = 'Could not find upload script.';
+ }
+ else {
+ msg = errorObj.type+": "+errorObj.info;
+ }
}
else if (errorObj.type ==="File Size") {
- msg = fileObj.name+'<br>'+errorObj.type+' Limit: '+Math.round(errorObj.sizeLimit/1024)+'KB';
+ msg = "File too big";
+ msg = msg + '<br>'+fileObj.name+': '+humanReadableFileSize(fileObj.size);
+ msg = msg + '<br>Limit: '+humanReadableFileSize(sizeLimit);
}
else {
- msg = errorObj.type+": "+errorObj.text;
+ msg = errorObj.type+": "+errorObj.info;
}
$.jGrowl(
@@ -239,7 +266,7 @@ var buttonText = 'Browse';
</div>
<p id="batchLink"><a href="{$batch_link}">{$batch_label}</a></p>
</fieldset>
-<p><a href="">{'Add another set of photos'|@translate}</a></p>
+<p><a href="{$another_upload_link}">{'Add another set of photos'|@translate}</a></p>
{else}
<div id="formErrors" class="errors" style="display:none">
@@ -250,7 +277,7 @@ var buttonText = 'Browse';
<div class="hideButton" style="text-align:center"><a href="#" id="hideErrors">{'Hide'|@translate}</a></div>
</div>
-<form id="uploadForm" enctype="multipart/form-data" method="post" action="{$F_ACTION}" class="properties">
+<form id="uploadForm" enctype="multipart/form-data" method="post" action="{$form_action}" class="properties">
<fieldset>
<legend>{'Drop into category'|@translate}</legend>
{if $upload_mode eq 'multiple'}