Commit 389c8211 by pupi1985 Committed by Scott

Added checks and error displays when exceeding post_max_size and upload_max_filesize limits

parent cbf70b46
......@@ -1038,6 +1038,33 @@
}
function qa_is_post_max_size_limit_exceeded()
/*
Checks whether an HTTP request has exceeded the post_max_size PHP variable. This happens whenever an HTTP request
is too big to be properly processed by PHP, usually because there is an attachment in the HTTP request. A warning
is added to the server's log displaying the size of the file that triggered this situation. It is important to note
that whenever this happens the $_POST and $_FILES superglobals are empty.
*/
{
if (in_array($_SERVER['REQUEST_METHOD'], array('POST', 'PUT')) && empty($_POST) && empty($_FILES)) {
$postmaxsize = ini_get('post_max_size'); // Gets the current post_max_size configuration
$unit = substr($postmaxsize, -1);
if (!is_numeric($unit)) {
$postmaxsize = substr($postmaxsize, 0, -1);
}
switch (strtoupper($unit)) { // Gets an integer value that can be compared against the size of the HTTP request
case 'G':
$postmaxsize *= 1024;
case 'M':
$postmaxsize *= 1024;
case 'K':
$postmaxsize *= 1024;
}
return $_SERVER['CONTENT_LENGTH'] > $postmaxsize;
}
}
function qa_is_mobile_probably()
/*
Return true if it appears that the page request is coming from a mobile client rather than a desktop/laptop web browser
......
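Review bot: qa_is_post_max_size_limit_exceeded() only returns a value inside the if block, so for every request that is not an oversized POST/PUT it returns null rather than false, and the docblock promises "a warning is added to the server's log" that the body never writes; either add the logging or drop that sentence. The comparison on the last line also reads `$_SERVER['CONTENT_LENGTH']` unguarded, which raises a notice on requests where the server does not set it. Suggest `return isset($_SERVER['CONTENT_LENGTH']) && (int)$_SERVER['CONTENT_LENGTH'] > $postmaxsize;` inside the block and `return false;` after it. The G/M/K cases rely on switch fall-through to multiply cumulatively, which is correct but worth marking with `// intentional fall-through` so a later cleanup does not add break statements.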
......@@ -82,6 +82,7 @@
'edited' => 'edited',
'email_error' => 'An error occurred trying to send the email.',
'field_required' => 'Please enter something in this field',
'file_upload_limit_exceeded' => 'The size of the file exceeds the server\'s limits',
'general_error' => 'A server error occurred - please try again.',
'hidden' => 'hidden',
'highest_users' => 'Top scoring users',
......
......@@ -661,104 +661,111 @@
$formokhtml = null;
if (qa_clicked('doresetoptions')) {
if (!qa_check_form_security_code('admin/'.$adminsection, qa_post_text('code')))
$securityexpired = true;
// If the post_max_size is exceeded then the $_POST array is empty so no field processing can be done
if (qa_is_post_max_size_limit_exceeded())
$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');
else
if (qa_clicked('doresetoptions')) {
if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code')))
$securityexpired = true;
else {
qa_reset_options($getoptions);
$formokhtml = qa_lang_html('admin/options_reset');
}
}
elseif (qa_clicked('dosaveoptions')) {
if (!qa_check_form_security_code('admin/'.$adminsection, qa_post_text('code')))
$securityexpired = true;
else {
qa_reset_options($getoptions);
$formokhtml = qa_lang_html('admin/options_reset');
}
} elseif (qa_clicked('dosaveoptions')) {
if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code')))
$securityexpired = true;
else {
foreach ($getoptions as $optionname) {
$optionvalue = qa_post_text('option_'.$optionname);
if (
(@$optiontype[$optionname] == 'number') ||
(@$optiontype[$optionname] == 'checkbox') ||
((@$optiontype[$optionname] == 'number-blank') && strlen($optionvalue))
)
$optionvalue = (int)$optionvalue;
if (isset($optionmaximum[$optionname]))
$optionvalue = min($optionmaximum[$optionname], $optionvalue);
if (isset($optionminimum[$optionname]))
$optionvalue = max($optionminimum[$optionname], $optionvalue);
switch ($optionname) {
case 'site_url':
if (substr($optionvalue, -1) != '/') // seems to be a very common mistake and will mess up URLs
$optionvalue .= '/';
break;
case 'hot_weight_views':
case 'hot_weight_answers':
case 'hot_weight_votes':
case 'hot_weight_q_age':
case 'hot_weight_a_age':
if (qa_opt($optionname) != $optionvalue)
$recalchotness = true;
break;
case 'block_ips_write':
require_once QA_INCLUDE_DIR.'qa-app-limits.php';
$optionvalue = implode(' , ', qa_block_ips_explode($optionvalue));
break;
case 'block_bad_words':
require_once QA_INCLUDE_DIR.'qa-util-string.php';
$optionvalue = implode(' , ', qa_block_words_explode($optionvalue));
break;
else {
foreach ($getoptions as $optionname) {
$optionvalue = qa_post_text('option_' . $optionname);
if (
(@$optiontype[$optionname] == 'number') ||
(@$optiontype[$optionname] == 'checkbox') ||
((@$optiontype[$optionname] == 'number-blank') && strlen($optionvalue))
)
$optionvalue = (int) $optionvalue;
if (isset($optionmaximum[$optionname]))
$optionvalue = min($optionmaximum[$optionname], $optionvalue);
if (isset($optionminimum[$optionname]))
$optionvalue = max($optionminimum[$optionname], $optionvalue);
switch ($optionname) {
case 'site_url':
if (substr($optionvalue, -1) != '/') // seems to be a very common mistake and will mess up URLs
$optionvalue .= '/';
break;
case 'hot_weight_views':
case 'hot_weight_answers':
case 'hot_weight_votes':
case 'hot_weight_q_age':
case 'hot_weight_a_age':
if (qa_opt($optionname) != $optionvalue)
$recalchotness = true;
break;
case 'block_ips_write':
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
$optionvalue = implode(' , ', qa_block_ips_explode($optionvalue));
break;
case 'block_bad_words':
require_once QA_INCLUDE_DIR . 'qa-util-string.php';
$optionvalue = implode(' , ', qa_block_words_explode($optionvalue));
break;
}
qa_set_option($optionname, $optionvalue);
}
qa_set_option($optionname, $optionvalue);
}
$formokhtml = qa_lang_html('admin/options_saved');
$formokhtml = qa_lang_html('admin/options_saved');
// Uploading default avatar
if (is_array(@$_FILES['avatar_default_file'])) {
$avatarfileerror = $_FILES['avatar_default_file']['error'];
// Uploading default avatar
// Note if $_FILES['avatar_default_file']['error'] === 1 then upload_max_filesize has been exceeded
if ($avatarfileerror === 1)
$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');
elseif ($avatarfileerror === 0 && $_FILES['avatar_default_file']['size'] > 0) {
require_once QA_INCLUDE_DIR . 'qa-util-image.php';
if (is_array(@$_FILES['avatar_default_file']) && $_FILES['avatar_default_file']['size']) {
require_once QA_INCLUDE_DIR.'qa-util-image.php';
$oldblobid = qa_opt('avatar_default_blobid');
$oldblobid = qa_opt('avatar_default_blobid');
$toobig = qa_image_file_too_big($_FILES['avatar_default_file']['tmp_name'], qa_opt('avatar_store_size'));
$toobig = qa_image_file_too_big($_FILES['avatar_default_file']['tmp_name'], qa_opt('avatar_store_size'));
if ($toobig)
$errors['avatar_default_show'] = qa_lang_sub('main/image_too_big_x_pc', (int) ($toobig * 100));
if ($toobig)
$errors['avatar_default_show'] = qa_lang_sub('main/image_too_big_x_pc', (int)($toobig*100));
else {
$imagedata = qa_image_constrain_data(file_get_contents($_FILES['avatar_default_file']['tmp_name']), $width, $height, qa_opt('avatar_store_size'));
else {
$imagedata = qa_image_constrain_data(file_get_contents($_FILES['avatar_default_file']['tmp_name']), $width, $height, qa_opt('avatar_store_size'));
if (isset($imagedata)) {
require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';
if (isset($imagedata)) {
require_once QA_INCLUDE_DIR.'qa-app-blobs.php';
$newblobid = qa_create_blob($imagedata, 'jpeg');
$newblobid = qa_create_blob($imagedata, 'jpeg');
if (isset($newblobid)) {
qa_set_option('avatar_default_blobid', $newblobid);
qa_set_option('avatar_default_width', $width);
qa_set_option('avatar_default_height', $height);
qa_set_option('avatar_default_show', 1);
}
if (isset($newblobid)) {
qa_set_option('avatar_default_blobid', $newblobid);
qa_set_option('avatar_default_width', $width);
qa_set_option('avatar_default_height', $height);
qa_set_option('avatar_default_show', 1);
if (strlen($oldblobid))
qa_delete_blob($oldblobid);
} else
$errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
}
if (strlen($oldblobid))
qa_delete_blob($oldblobid);
}
else
$errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
}
}
}
}
// Mailings management
......
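Review bot: The new check `if ($avatarfileerror === 1)` compares against a bare literal instead of `UPLOAD_ERR_INI_SIZE`, and it does not cover `UPLOAD_ERR_FORM_SIZE`, which is the same user-facing "file too large" condition when the form carries a MAX_FILE_SIZE field; every other non-zero code (partial upload, missing tmp dir, write failure, upload blocked by an extension) now falls through both branches, so the admin sees neither an error nor a new avatar. Suggest `if ($avatarfileerror === UPLOAD_ERR_INI_SIZE || $avatarfileerror === UPLOAD_ERR_FORM_SIZE)` for the first branch, `elseif ($avatarfileerror === UPLOAD_ERR_OK && $_FILES['avatar_default_file']['size'] > 0) {` for the second, and after the block a final `elseif ($avatarfileerror !== UPLOAD_ERR_NO_FILE) $errors['avatar_default_show'] = qa_lang('main/general_error');` so unexpected failures are surfaced while "no file chosen" stays silent. The comment above the check should then name the constant rather than the magic value 1. The enclosing page function starts before and ends after this section.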