merge r6624 from branch 2.1 to trunk
bug 1747 fixed: some checks were added to verify the upload will fail for a
too big size or if the upload has failed for a too big size (test on
upload_max_filesize and post_max_size)



git-svn-id: http://piwigo.org/svn/trunk@6625 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall committed Jun 29, 2010
1 parent de5efe8 commit a1bddbe
Showing 6 changed files with 238 additions and 20 deletions.
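--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@@ -299,4 +299,82 @@ function is_valid_image_extension($extension)
 {
 return in_array(strtolower($extension), array('jpg', 'jpeg', 'png'));
 }
+
+function file_upload_error_message($error_code)
+{
+switch ($error_code) {
+case UPLOAD_ERR_INI_SIZE:
+return sprintf(
+l10n('The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'),
+get_ini_size('upload_max_filesize', false)
+);
+case UPLOAD_ERR_FORM_SIZE:
+return l10n('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
+case UPLOAD_ERR_PARTIAL:
+return l10n('The uploaded file was only partially uploaded');
+case UPLOAD_ERR_NO_FILE:
+return l10n('No file was uploaded');
+case UPLOAD_ERR_NO_TMP_DIR:
+return l10n('Missing a temporary folder');
+case UPLOAD_ERR_CANT_WRITE:
+return l10n('Failed to write file to disk');
+case UPLOAD_ERR_EXTENSION:
+return l10n('File upload stopped by extension');
+default:
+return l10n('Unknown upload error');
+}
+}
+
+function get_ini_size($ini_key, $in_bytes=true)
+{
+$size = ini_get($ini_key);
+
+if ($in_bytes)
+{
+$size = convert_shortand_notation_to_bytes($size);
+}
+
+return $size;
+}
+
+function convert_shortand_notation_to_bytes($value)
+{
+$suffix = substr($value, -1);
+$multiply_by = null;
+
+if ('K' == $suffix)
+{
+$multiply_by = 1024;
+}
+else if ('M' == $suffix)
+{
+$multiply_by = 1024*1024;
+}
+else if ('G' == $suffix)
+{
+$multiply_by = 1024*1024*1024;
+}
+
+if (isset($multiply_by))
+{
+$value = substr($value, 0, -1);
+$value*= $multiply_by;
+}
+
+return $value;
+}
+
+function add_upload_error($upload_id, $error_message)
+{
+if (!isset($_SESSION['uploads_error']))
+{
+$_SESSION['uploads_error'] = array();
+}
+if (!isset($_SESSION['uploads_error'][$upload_id]))
+{
+$_SESSION['uploads_error'][$upload_id] = array();
+}
+
+array_push($_SESSION['uploads_error'][$upload_id], $error_message);
+}
 ?>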
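Review bot: `convert_shortand_notation_to_bytes()` compares the suffix only against upper-case `K`, `M` and `G`, but PHP accepts the shorthand in either case, so a php.ini value such as `8m` comes back unconverted as a string. That string then feeds the `min()` and `>` comparisons in admin/photos_add_direct.php and is printed into `var sizeLimit = {$upload_max_filesize};` in the template, where it would no longer be a number. Normalising the suffix first covers it: `$suffix = strtoupper(substr($value, -1));`. A short docblock on `get_ini_size()` stating that `$in_bytes=false` returns the raw ini string would also help, since callers use both forms.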
29 changes: 29 additions & 0 deletions admin/include/uploadify/uploadify.php
@@ -11,13 +11,35 @@
check_pwg_token();

ob_start();
echo '$_FILES'."\n";
print_r($_FILES);
echo '$_POST'."\n";
print_r($_POST);
echo '$user'."\n";
print_r($user);
$tmp = ob_get_contents();
ob_end_clean();
// error_log($tmp, 3, "/tmp/php-".date('YmdHis').'-'.sprintf('%020u', rand()).".log");

if ($_FILES['Filedata']['error'] !== UPLOAD_ERR_OK)
{
$error_message = file_upload_error_message($_FILES['Filedata']['error']);

add_upload_error(
$_POST['upload_id'],
sprintf(
l10n('Error on file "%s" : %s'),
$_FILES['Filedata']['name'],
$error_message
)
);

echo "File Size Error";
exit();
}

ob_start();

$image_id = add_uploaded_file(
$_FILES['Filedata']['tmp_name'],
$_FILES['Filedata']['name'],
@@ -40,5 +62,12 @@
$image_id
);

$output = ob_get_contents();
ob_end_clean();
if (!empty($output))
{
add_upload_error($_POST['upload_id'], $output);
}

echo "1";
?>
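Review bot: The error branch puts the client-supplied `$_FILES['Filedata']['name']` into the message saved by `add_upload_error()`, and photos_add_direct.php later copies those session strings into `$page['errors']`; the same pattern appears there with `$_FILES['image_upload']['name'][$idx]`. How the errors are rendered is not visible in this commit, so if the template prints them as HTML the file name should be escaped where the message is built, e.g. `htmlspecialchars($_FILES['Filedata']['name'], ENT_QUOTES)`. `$_POST['upload_id']` is also used as a session array key without an `isset()` or format check, so any posted value creates a new `$_SESSION['uploads_error']` entry. The `add_uploaded_file(...)` call spans the gap between the two hunks, so its remaining arguments are outside the visible lines.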
80 changes: 70 additions & 10 deletions admin/photos_add_direct.php
@@ -62,15 +62,33 @@
// | process form |
// +-----------------------------------------------------------------------+

if (isset($_POST['submit_upload']))
if (isset($_GET['processed']))
{
// echo '<pre>POST'."\n"; print_r($_POST); echo '</pre>';
// echo '<pre>FILES'."\n"; print_r($_FILES); echo '</pre>';
// echo '<pre>SESSION'."\n"; print_r($_SESSION); echo '</pre>';
// exit();

// sometimes, you have submitted the form but you have nothing in $_POST
// and $_FILES. This may happen when you have an HTML upload and you
// exceeded the post_max_size (but not the upload_max_size)
if (!isset($_POST['submit_upload']))
{
array_push(
$page['errors'],
sprintf(
l10n('The uploaded files exceed the post_max_size directive in php.ini: %sB'),
ini_get('post_max_size')
)
);
}

$category_id = null;
if ('existing' == $_POST['category_type'])
if (!isset($_POST['category_type']))
{
// nothing to do, we certainly have the post_max_size issue
}
elseif ('existing' == $_POST['category_type'])
{
$category_id = $_POST['category'];
}
@@ -193,6 +211,19 @@
// TODO: if $image_id is not an integer, something went wrong
}
}
else
{
$error_message = file_upload_error_message($error);

array_push(
$page['errors'],
sprintf(
l10n('Error on file "%s" : %s'),
$_FILES['image_upload']['name'][$idx],
$error_message
)
);
}
}

$endtime = get_moment();
@@ -204,21 +235,32 @@
if (isset($_POST['upload_id']))
{
// we're on a multiple upload, with uploadify and so on
$image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ];
if (isset($_SESSION['uploads_error'][ $_POST['upload_id'] ]))
{
foreach ($_SESSION['uploads_error'][ $_POST['upload_id'] ] as $error)
{
array_push($page['errors'], $error);
}
}

associate_images_to_categories(
$image_ids,
array($category_id)
);
if (isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
{
$image_ids = $_SESSION['uploads'][ $_POST['upload_id'] ];

$query = '
associate_images_to_categories(
$image_ids,
array($category_id)
);

$query = '
UPDATE '.IMAGES_TABLE.'
SET level = '.$_POST['level'].'
WHERE id IN ('.implode(', ', $image_ids).')
;';
pwg_query($query);
pwg_query($query);

invalidate_user_cache();
invalidate_user_cache();
}
}

$page['thumbnails'] = array();
@@ -325,6 +367,10 @@
array(
'F_ADD_ACTION'=> PHOTOS_ADD_BASE_URL,
'uploadify_path' => $uploadify_path,
'upload_max_filesize' => min(
get_ini_size('upload_max_filesize'),
get_ini_size('post_max_size')
),
)
);

@@ -345,10 +391,12 @@
$template->assign(
array(
'upload_mode' => $upload_mode,
'form_action' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_mode.'&amp;processed=1',
'switch_url' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_switch,
'upload_id' => md5(rand()),
'session_id' => session_id(),
'pwg_token' => get_pwg_token(),
'another_upload_link' => PHOTOS_ADD_BASE_URL.'&amp;upload_mode='.$upload_mode,
)
);

@@ -464,6 +512,18 @@
);
}

if (get_ini_size('upload_max_filesize') > get_ini_size('post_max_size'))
{
array_push(
$setup_warnings,
sprintf(
l10n('In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'),
get_ini_size('upload_max_filesize', false),
get_ini_size('post_max_size', false)
)
);
}

$template->assign(
array(
'setup_errors'=> $setup_errors,
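Review bot: In the re-indented multiple-upload block, `SET level = '.$_POST['level'].'` still concatenates a request value straight into the UPDATE statement, and this commit moves the query without validating it. The value should be checked or cast before the query is built, for example `SET level = '.(int)$_POST['level'].'`, ideally rejecting anything outside the permitted levels. `$category_id = $_POST['category'];` in the first hunk is also taken from the request and passed to `associate_images_to_categories()`; whether that function validates it is not visible here, so a cast at assignment would be the safer default. The enclosing `if (isset($_GET['processed']))` block opens in the first hunk and closes outside the visible lines.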
47 changes: 37 additions & 10 deletions admin/themes/default/template/photos_add_direct.tpl
@@ -49,6 +49,26 @@ jQuery(document).ready(function(){

}

function humanReadableFileSize(bytes) {
var byteSize = Math.round(bytes / 1024 * 100) * .01;
var suffix = 'KB';
if (byteSize > 1000) {
byteSize = Math.round(byteSize *.001 * 100) * .01;
suffix = 'MB';
}

var sizeParts = byteSize.toString().split('.');
if (sizeParts.length > 1) {
byteSize = sizeParts[0] + '.' + sizeParts[1].substr(0,2);
}
else {
byteSize = sizeParts[0];
}

return byteSize+suffix;
}

if ($("select[name=category] option").length == 0) {
$('input[name=category_type][value=existing]').attr('disabled', true);
$('input[name=category_type]').attr('checked', false);
@@ -90,6 +110,7 @@ var upload_id = '{$upload_id}';
var session_id = '{$session_id}';
var pwg_token = '{$pwg_token}';
var buttonText = 'Browse';
var sizeLimit = {$upload_max_filesize};

{literal}
jQuery("#uploadify").uploadify({
@@ -108,6 +129,7 @@ var buttonText = 'Browse';
'multi' : true,
'fileDesc' : 'Photo files (*.jpg,*.jpeg,*.png)',
'fileExt' : '*.jpg;*.JPG;*.jpeg;*.JPEG;*.png;*.PNG',
'sizeLimit' : sizeLimit,
'onAllComplete' : function(event, data) {
if (data.errors) {
return false;
@@ -118,18 +140,23 @@ var buttonText = 'Browse';
},
onError: function (event, queueID ,fileObj, errorObj) {
var msg;
if (errorObj.status == 404) {
alert('Could not find upload script.');
msg = 'Could not find upload script.';
}
else if (errorObj.type === "HTTP") {
msg = errorObj.type+": "+errorObj.status;
if (errorObj.type === "HTTP") {
if (errorObj.info === 404) {
alert('Could not find upload script.');
msg = 'Could not find upload script.';
}
else {
msg = errorObj.type+": "+errorObj.info;
}
}
else if (errorObj.type ==="File Size") {
msg = fileObj.name+'<br>'+errorObj.type+' Limit: '+Math.round(errorObj.sizeLimit/1024)+'KB';
msg = "File too big";
msg = msg + '<br>'+fileObj.name+': '+humanReadableFileSize(fileObj.size);
msg = msg + '<br>Limit: '+humanReadableFileSize(sizeLimit);
}
else {
msg = errorObj.type+": "+errorObj.text;
msg = errorObj.type+": "+errorObj.info;
}

$.jGrowl(
@@ -239,7 +266,7 @@ var buttonText = 'Browse';
</div>
<p id="batchLink"><a href="{$batch_link}">{$batch_label}</a></p>
</fieldset>
<p><a href="">{'Add another set of photos'|@translate}</a></p>
<p><a href="{$another_upload_link}">{'Add another set of photos'|@translate}</a></p>
{else}

<div id="formErrors" class="errors" style="display:none">
@@ -250,7 +277,7 @@ var buttonText = 'Browse';
<div class="hideButton" style="text-align:center"><a href="#" id="hideErrors">{'Hide'|@translate}</a></div>
</div>

<form id="uploadForm" enctype="multipart/form-data" method="post" action="{$F_ACTION}" class="properties">
<form id="uploadForm" enctype="multipart/form-data" method="post" action="{$form_action}" class="properties">
<fieldset>
<legend>{'Drop into category'|@translate}</legend>
{if $upload_mode eq 'multiple'}
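Review bot: In `onError`, the File Size branch builds `msg` as markup (`'<br>'+fileObj.name+': '+...`), and the string appears to be handed to `$.jGrowl(` (the call's arguments are outside the hunk), so a file name containing HTML would be interpreted rather than displayed. Escaping the name before concatenation avoids that, e.g. `msg = msg + '<br>'+$('<div/>').text(fileObj.name).html()+': '+humanReadableFileSize(fileObj.size);`. `sizeLimit` is only a client-side convenience, so the server-side `UPLOAD_ERR_*` handling added in uploadify.php remains the check that matters. `humanReadableFileSize` would also benefit from a one-line comment stating that it switches to MB above 1000 KB and truncates to two decimals.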
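--- a/language/en_UK/admin.lang.php
+++ b/language/en_UK/admin.lang.php
@@ -757,4 +757,16 @@
 $lang['Order of menubar items has been updated successfully.'] = 'Order of menubar items has been updated successfully.';
 $lang['This theme was not designed to be directly activated'] = 'This theme was not designed to be directly activated';
 $lang['Pending Comments'] = 'Pending Comments';
+$lang['In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting'] = 'In your php.ini file, the upload_max_filesize (%sB) is bigger than post_max_size (%sB), you should change this setting';
+$lang['Exif extension not available, admin should disable exif use'] = 'Exif extension not available, admin should disable exif use';
+$lang['The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB'] = 'The uploaded file exceeds the upload_max_filesize directive in php.ini: %sB';
+$lang['The uploaded files exceed the post_max_size directive in php.ini: %sB'] = 'The uploaded files exceed the post_max_size directive in php.ini: %sB';
+$lang['The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'] = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
+$lang['The uploaded file was only partially uploaded'] = 'The uploaded file was only partially uploaded';
+$lang['No file was uploaded'] = 'No file was uploaded';
+$lang['Missing a temporary folder'] = 'Missing a temporary folder';
+$lang['Failed to write file to disk'] = 'Failed to write file to disk';
+$lang['File upload stopped by extension'] = 'File upload stopped by extension';
+$lang['Unknown upload error'] = 'Unknown upload error';
+$lang['Error on file "%s" : %s'] = 'Error on file "%s" : %s';
 ?>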
