Commit 389c8211 by pupi1985 Committed by Scott

Added checks and error displays when exceeding post_max_size and upload_max_filesize limits

parent cbf70b46
......@@ -1038,6 +1038,33 @@
}
function qa_is_post_max_size_limit_exceeded()
/*
Checks whether an HTTP request has exceeded the post_max_size PHP variable. This happens whenever an HTTP request
is too big to be properly processed by PHP, usually because there is an attachment in the HTTP request. A warning
is added to the server's log displaying the size of the file that triggered this situation. It is important to note
that whenever this happens the $_POST and $_FILES superglobals are empty.
*/
{
if (in_array($_SERVER['REQUEST_METHOD'], array('POST', 'PUT')) && empty($_POST) && empty($_FILES)) {
$postmaxsize = ini_get('post_max_size'); // Gets the current post_max_size configuration
$unit = substr($postmaxsize, -1);
if (!is_numeric($unit)) {
$postmaxsize = substr($postmaxsize, 0, -1);
}
switch (strtoupper($unit)) { // Gets an integer value that can be compared against the size of the HTTP request
case 'G':
$postmaxsize *= 1024;
case 'M':
$postmaxsize *= 1024;
case 'K':
$postmaxsize *= 1024;
}
return $_SERVER['CONTENT_LENGTH'] > $postmaxsize;
}
}
function qa_is_mobile_probably()
/*
Return true if it appears that the page request is coming from a mobile client rather than a desktop/laptop web browser
......
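Review bot: `qa_is_post_max_size_limit_exceeded()` reads `$_SERVER['CONTENT_LENGTH']` without checking that the key exists (it is absent for chunked or body-less requests) and falls off the end with an implicit null whenever the method/emptiness test fails, so the function does not actually honour a boolean contract; `return isset($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > $postmaxsize;` plus a closing `return false;` would fix both. Both `REQUEST_METHOD` and `Content-Length` are client-supplied, so the result should only ever select an error message (as the two callers in this commit do) and never gate a state change; a one-line comment saying so would keep later callers from misusing it. The docblock claims "A warning is added to the server's log displaying the size of the file", but nothing in the function logs anything — if that refers to PHP's own post_max_size warning, say `PHP itself logs a warning with the offending Content-Length`, otherwise drop the sentence. The `in_array` on the method should also pass `true` as the third argument, since `$_SERVER['REQUEST_METHOD']` is a string and loose comparison adds nothing here.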
......@@ -82,6 +82,7 @@
'edited' => 'edited',
'email_error' => 'An error occurred trying to send the email.',
'field_required' => 'Please enter something in this field',
'file_upload_limit_exceeded' => 'The size of the file exceeds the server\'s limits',
'general_error' => 'A server error occurred - please try again.',
'hidden' => 'hidden',
'highest_users' => 'Top scoring users',
......
......@@ -65,139 +65,147 @@
// Process profile if saved
if (qa_clicked('dosaveprofile') && !$isblocked) {
require_once QA_INCLUDE_DIR.'qa-app-users-edit.php';
$inhandle=$changehandle ? qa_post_text('handle') : $useraccount['handle'];
$inemail=qa_post_text('email');
$inmessages=qa_post_text('messages');
$inwallposts=qa_post_text('wall');
$inmailings=qa_post_text('mailings');
$inavatar=qa_post_text('avatar');
$inprofile=array();
foreach ($userfields as $userfield)
$inprofile[$userfield['fieldid']]=qa_post_text('field_'.$userfield['fieldid']);
// If the post_max_size is exceeded then the $_POST array is empty so no field processing can be done
if (qa_is_post_max_size_limit_exceeded())
$errors['avatar'] = qa_lang('main/file_upload_limit_exceeded');
else {
if (qa_clicked('dosaveprofile') && !$isblocked) {
require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
$inhandle = $changehandle ? qa_post_text('handle') : $useraccount['handle'];
$inemail = qa_post_text('email');
$inmessages = qa_post_text('messages');
$inwallposts = qa_post_text('wall');
$inmailings = qa_post_text('mailings');
$inavatar = qa_post_text('avatar');
$inprofile=array();
foreach ($userfields as $userfield)
$inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']);
if (!qa_check_form_security_code('account', qa_post_text('code')))
$errors['page']=qa_lang_html('misc/form_security_again');
if (!qa_check_form_security_code('account', qa_post_text('code')))
$errors['page'] = qa_lang_html('misc/form_security_again');
else {
$errors=qa_handle_email_filter($inhandle, $inemail, $useraccount);
else {
$errors = qa_handle_email_filter($inhandle, $inemail, $useraccount);
if (!isset($errors['handle']))
qa_db_user_set($userid, 'handle', $inhandle);
if (!isset($errors['handle']))
qa_db_user_set($userid, 'handle', $inhandle);
if (!isset($errors['email']))
if ($inemail != $useraccount['email']) {
if (!isset($errors['email']) && $inemail !== $useraccount['email']) {
qa_db_user_set($userid, 'email', $inemail);
qa_db_user_set_flag($userid, QA_USER_FLAGS_EMAIL_CONFIRMED, false);
$isconfirmed=false;
$isconfirmed = false;
if ($doconfirms)
qa_send_new_confirm($userid);
}
if (qa_opt('allow_private_messages'))
qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_MESSAGES, !$inmessages);
if (qa_opt('allow_private_messages'))
qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_MESSAGES, !$inmessages);
if (qa_opt('allow_user_walls'))
qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_WALL_POSTS, !$inwallposts);
if (qa_opt('allow_user_walls'))
qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_WALL_POSTS, !$inwallposts);
if (qa_opt('mailing_enabled'))
qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_MAILINGS, !$inmailings);
if (qa_opt('mailing_enabled'))
qa_db_user_set_flag($userid, QA_USER_FLAGS_NO_MAILINGS, !$inmailings);
qa_db_user_set_flag($userid, QA_USER_FLAGS_SHOW_AVATAR, ($inavatar=='uploaded'));
qa_db_user_set_flag($userid, QA_USER_FLAGS_SHOW_GRAVATAR, ($inavatar=='gravatar'));
qa_db_user_set_flag($userid, QA_USER_FLAGS_SHOW_AVATAR, ($inavatar == 'uploaded'));
qa_db_user_set_flag($userid, QA_USER_FLAGS_SHOW_GRAVATAR, ($inavatar == 'gravatar'));
if (is_array(@$_FILES['file']) && $_FILES['file']['size']) {
require_once QA_INCLUDE_DIR.'qa-app-limits.php';
if (is_array(@$_FILES['file'])) {
$avatarfileerror = $_FILES['file']['error'];
switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS))
{
case 'limit':
$errors['avatar']=qa_lang('main/upload_limit');
break;
// Note if $_FILES['file']['error'] === 1 then upload_max_filesize has been exceeded
if ($avatarfileerror === 1)
$errors['avatar'] = qa_lang('main/file_upload_limit_exceeded');
elseif ($avatarfileerror === 0 && $_FILES['file']['size'] > 0) {
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
default:
$errors['avatar']=qa_lang('users/no_permission');
break;
switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) {
case 'limit':
$errors['avatar'] = qa_lang('main/upload_limit');
break;
case false:
qa_limits_increment($userid, QA_LIMIT_UPLOADS);
default:
$errors['avatar'] = qa_lang('users/no_permission');
break;
$toobig=qa_image_file_too_big($_FILES['file']['tmp_name'], qa_opt('avatar_store_size'));
case false:
qa_limits_increment($userid, QA_LIMIT_UPLOADS);
if ($toobig)
$errors['avatar']=qa_lang_sub('main/image_too_big_x_pc', (int)($toobig*100));
elseif (!qa_set_user_avatar($userid, file_get_contents($_FILES['file']['tmp_name']), $useraccount['avatarblobid']))
$errors['avatar']=qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
break;
$toobig = qa_image_file_too_big($_FILES['file']['tmp_name'], qa_opt('avatar_store_size'));
if ($toobig)
$errors['avatar'] = qa_lang_sub('main/image_too_big_x_pc', (int) ($toobig * 100));
elseif (!qa_set_user_avatar($userid, file_get_contents($_FILES['file']['tmp_name']), $useraccount['avatarblobid']))
$errors['avatar'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
break;
}
} // There shouldn't be any need to catch any other error
}
}
if (count($inprofile)) {
$filtermodules=qa_load_modules_with('filter', 'filter_profile');
foreach ($filtermodules as $filtermodule)
$filtermodule->filter_profile($inprofile, $errors, $useraccount, $userprofile);
}
if (count($inprofile)) {
$filtermodules = qa_load_modules_with('filter', 'filter_profile');
foreach ($filtermodules as $filtermodule)
$filtermodule->filter_profile($inprofile, $errors, $useraccount, $userprofile);
}
foreach ($userfields as $userfield)
if (!isset($errors[$userfield['fieldid']]))
qa_db_user_profile_set($userid, $userfield['title'], $inprofile[$userfield['fieldid']]);
foreach ($userfields as $userfield)
if (!isset($errors[$userfield['fieldid']]))
qa_db_user_profile_set($userid, $userfield['title'], $inprofile[$userfield['fieldid']]);
list($useraccount, $userprofile)=qa_db_select_with_pending(
qa_db_user_account_selectspec($userid, true),
qa_db_user_profile_selectspec($userid, true)
);
list($useraccount, $userprofile) = qa_db_select_with_pending(
qa_db_user_account_selectspec($userid, true), qa_db_user_profile_selectspec($userid, true)
);
qa_report_event('u_save', $userid, $useraccount['handle'], qa_cookie_get());
qa_report_event('u_save', $userid, $useraccount['handle'], qa_cookie_get());
if (empty($errors))
qa_redirect('account', array('state' => 'profile-saved'));
if (empty($errors))
qa_redirect('account', array('state' => 'profile-saved'));
qa_logged_in_user_flush();
qa_logged_in_user_flush();
}
}
}
// Process change password if clicked
// Process change password if clicked
if (qa_clicked('dochangepassword')) {
require_once QA_INCLUDE_DIR.'qa-app-users-edit.php';
if (qa_clicked('dochangepassword')) {
require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
$inoldpassword=qa_post_text('oldpassword');
$innewpassword1=qa_post_text('newpassword1');
$innewpassword2=qa_post_text('newpassword2');
$inoldpassword = qa_post_text('oldpassword');
$innewpassword1 = qa_post_text('newpassword1');
$innewpassword2 = qa_post_text('newpassword2');
if (!qa_check_form_security_code('password', qa_post_text('code')))
$errors['page']=qa_lang_html('misc/form_security_again');
if (!qa_check_form_security_code('password', qa_post_text('code')))
$errors['page'] = qa_lang_html('misc/form_security_again');
else {
$errors=array();
else {
$errors = array();
if ($haspassword && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])))
$errors['oldpassword']=qa_lang('users/password_wrong');
if ($haspassword && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])))
$errors['oldpassword'] = qa_lang('users/password_wrong');
$useraccount['password']=$inoldpassword;
$errors=$errors+qa_password_validate($innewpassword1, $useraccount); // array union
$useraccount['password'] = $inoldpassword;
$errors = $errors + qa_password_validate($innewpassword1, $useraccount); // array union
if ($innewpassword1 != $innewpassword2)
$errors['newpassword2']=qa_lang('users/password_mismatch');
if ($innewpassword1 != $innewpassword2)
$errors['newpassword2'] = qa_lang('users/password_mismatch');
if (empty($errors)) {
qa_db_user_set_password($userid, $innewpassword1);
qa_db_user_set($userid, 'sessioncode', ''); // stop old 'Remember me' style logins from still working
qa_set_logged_in_user($userid, $useraccount['handle'], false, $useraccount['sessionsource']); // reinstate this specific session
if (empty($errors)) {
qa_db_user_set_password($userid, $innewpassword1);
qa_db_user_set($userid, 'sessioncode', ''); // stop old 'Remember me' style logins from still working
qa_set_logged_in_user($userid, $useraccount['handle'], false, $useraccount['sessionsource']); // reinstate this specific session
qa_report_event('u_password', $userid, $useraccount['handle'], qa_cookie_get());
qa_report_event('u_password', $userid, $useraccount['handle'], qa_cookie_get());
qa_redirect('account', array('state' => 'password-changed'));
qa_redirect('account', array('state' => 'password-changed'));
}
}
}
}
// Prepare content for theme
$qa_content=qa_content_prepare();
......
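Review bot: The new avatar-upload branch (`if (is_array(@$_FILES['file']))` on the new side) only reacts to error code 1 and to a successful upload, so a partial upload (`UPLOAD_ERR_PARTIAL`), a missing temp dir, a failed write or an extension-blocked upload is silently ignored and the user is redirected to `profile-saved` with no avatar and no message, while `UPLOAD_ERR_FORM_SIZE` (a `MAX_FILE_SIZE` form field) is not mapped to the new limit message at all. The literals `1` and `0` should be the named constants `UPLOAD_ERR_INI_SIZE` and `UPLOAD_ERR_OK`, which also makes the "There shouldn't be any need to catch any other error" comment unnecessary. The same pattern is repeated for `$_FILES['avatar_default_file']` in the admin section below and should get the same treatment. Since `file_get_contents($_FILES['file']['tmp_name'])` is kept in this rewritten block, an `is_uploaded_file($_FILES['file']['tmp_name'])` guard before reading it would be the conventional defensive check, though that read predates the commit.

```php
if (is_array(@$_FILES['file'])) {
    $avatarfileerror = $_FILES['file']['error'];

    if ($avatarfileerror === UPLOAD_ERR_INI_SIZE || $avatarfileerror === UPLOAD_ERR_FORM_SIZE)
        $errors['avatar'] = qa_lang('main/file_upload_limit_exceeded');
    elseif ($avatarfileerror === UPLOAD_ERR_OK && $_FILES['file']['size'] > 0) {
        // … unchanged: permission check, limit increment, size check and qa_set_user_avatar …
    } elseif ($avatarfileerror !== UPLOAD_ERR_NO_FILE)
        $errors['avatar'] = qa_lang('main/general_error'); // partial upload, temp dir, write or extension failure
}
```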
......@@ -661,104 +661,111 @@
$formokhtml = null;
if (qa_clicked('doresetoptions')) {
if (!qa_check_form_security_code('admin/'.$adminsection, qa_post_text('code')))
$securityexpired = true;
// If the post_max_size is exceeded then the $_POST array is empty so no field processing can be done
if (qa_is_post_max_size_limit_exceeded())
$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');
else
if (qa_clicked('doresetoptions')) {
if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code')))
$securityexpired = true;
else {
qa_reset_options($getoptions);
$formokhtml = qa_lang_html('admin/options_reset');
}
}
elseif (qa_clicked('dosaveoptions')) {
if (!qa_check_form_security_code('admin/'.$adminsection, qa_post_text('code')))
$securityexpired = true;
else {
qa_reset_options($getoptions);
$formokhtml = qa_lang_html('admin/options_reset');
}
} elseif (qa_clicked('dosaveoptions')) {
if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code')))
$securityexpired = true;
else {
foreach ($getoptions as $optionname) {
$optionvalue = qa_post_text('option_'.$optionname);
if (
(@$optiontype[$optionname] == 'number') ||
(@$optiontype[$optionname] == 'checkbox') ||
((@$optiontype[$optionname] == 'number-blank') && strlen($optionvalue))
)
$optionvalue = (int)$optionvalue;
if (isset($optionmaximum[$optionname]))
$optionvalue = min($optionmaximum[$optionname], $optionvalue);
if (isset($optionminimum[$optionname]))
$optionvalue = max($optionminimum[$optionname], $optionvalue);
switch ($optionname) {
case 'site_url':
if (substr($optionvalue, -1) != '/') // seems to be a very common mistake and will mess up URLs
$optionvalue .= '/';
break;
case 'hot_weight_views':
case 'hot_weight_answers':
case 'hot_weight_votes':
case 'hot_weight_q_age':
case 'hot_weight_a_age':
if (qa_opt($optionname) != $optionvalue)
$recalchotness = true;
break;
case 'block_ips_write':
require_once QA_INCLUDE_DIR.'qa-app-limits.php';
$optionvalue = implode(' , ', qa_block_ips_explode($optionvalue));
break;
case 'block_bad_words':
require_once QA_INCLUDE_DIR.'qa-util-string.php';
$optionvalue = implode(' , ', qa_block_words_explode($optionvalue));
break;
else {
foreach ($getoptions as $optionname) {
$optionvalue = qa_post_text('option_' . $optionname);
if (
(@$optiontype[$optionname] == 'number') ||
(@$optiontype[$optionname] == 'checkbox') ||
((@$optiontype[$optionname] == 'number-blank') && strlen($optionvalue))
)
$optionvalue = (int) $optionvalue;
if (isset($optionmaximum[$optionname]))
$optionvalue = min($optionmaximum[$optionname], $optionvalue);
if (isset($optionminimum[$optionname]))
$optionvalue = max($optionminimum[$optionname], $optionvalue);
switch ($optionname) {
case 'site_url':
if (substr($optionvalue, -1) != '/') // seems to be a very common mistake and will mess up URLs
$optionvalue .= '/';
break;
case 'hot_weight_views':
case 'hot_weight_answers':
case 'hot_weight_votes':
case 'hot_weight_q_age':
case 'hot_weight_a_age':
if (qa_opt($optionname) != $optionvalue)
$recalchotness = true;
break;
case 'block_ips_write':
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
$optionvalue = implode(' , ', qa_block_ips_explode($optionvalue));
break;
case 'block_bad_words':
require_once QA_INCLUDE_DIR . 'qa-util-string.php';
$optionvalue = implode(' , ', qa_block_words_explode($optionvalue));
break;
}
qa_set_option($optionname, $optionvalue);
}
qa_set_option($optionname, $optionvalue);
}
$formokhtml = qa_lang_html('admin/options_saved');
$formokhtml = qa_lang_html('admin/options_saved');
// Uploading default avatar
if (is_array(@$_FILES['avatar_default_file'])) {
$avatarfileerror = $_FILES['avatar_default_file']['error'];
// Uploading default avatar
// Note if $_FILES['avatar_default_file']['error'] === 1 then upload_max_filesize has been exceeded
if ($avatarfileerror === 1)
$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');
elseif ($avatarfileerror === 0 && $_FILES['avatar_default_file']['size'] > 0) {
require_once QA_INCLUDE_DIR . 'qa-util-image.php';
if (is_array(@$_FILES['avatar_default_file']) && $_FILES['avatar_default_file']['size']) {
require_once QA_INCLUDE_DIR.'qa-util-image.php';
$oldblobid = qa_opt('avatar_default_blobid');
$oldblobid = qa_opt('avatar_default_blobid');
$toobig = qa_image_file_too_big($_FILES['avatar_default_file']['tmp_name'], qa_opt('avatar_store_size'));
$toobig = qa_image_file_too_big($_FILES['avatar_default_file']['tmp_name'], qa_opt('avatar_store_size'));
if ($toobig)
$errors['avatar_default_show'] = qa_lang_sub('main/image_too_big_x_pc', (int) ($toobig * 100));
if ($toobig)
$errors['avatar_default_show'] = qa_lang_sub('main/image_too_big_x_pc', (int)($toobig*100));
else {
$imagedata = qa_image_constrain_data(file_get_contents($_FILES['avatar_default_file']['tmp_name']), $width, $height, qa_opt('avatar_store_size'));
else {
$imagedata = qa_image_constrain_data(file_get_contents($_FILES['avatar_default_file']['tmp_name']), $width, $height, qa_opt('avatar_store_size'));
if (isset($imagedata)) {
require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';
if (isset($imagedata)) {
require_once QA_INCLUDE_DIR.'qa-app-blobs.php';
$newblobid = qa_create_blob($imagedata, 'jpeg');
$newblobid = qa_create_blob($imagedata, 'jpeg');
if (isset($newblobid)) {
qa_set_option('avatar_default_blobid', $newblobid);
qa_set_option('avatar_default_width', $width);
qa_set_option('avatar_default_height', $height);
qa_set_option('avatar_default_show', 1);
}
if (isset($newblobid)) {
qa_set_option('avatar_default_blobid', $newblobid);
qa_set_option('avatar_default_width', $width);
qa_set_option('avatar_default_height', $height);
qa_set_option('avatar_default_show', 1);
if (strlen($oldblobid))
qa_delete_blob($oldblobid);
} else
$errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
}
if (strlen($oldblobid))
qa_delete_blob($oldblobid);
}
else
$errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
}
}
}
}
// Mailings management
......
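Review bot: The brace-less `else` that follows `$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');` on the new side wraps the whole `if (qa_clicked('doresetoptions')) … elseif (qa_clicked('dosaveoptions')) …` chain; that is valid PHP, but it reads as a dangling else and will silently change meaning if anyone later inserts a statement between the two branches, so `else {` with an explicit closing brace after the `elseif` block is the safer shape. The post_max_size error is keyed on `avatar_default_show`, which presumably only renders on the admin section that shows the default-avatar field, so an oversized post to any other `$adminsection` would be rejected with no visible message — worth confirming and, if so, using a key that every admin section displays. Note also that `$formokhtml = qa_lang_html('admin/options_saved')` is set before the upload error is recorded, so a limit-exceeded upload shows both "options saved" and the error; a short comment stating that this is intended (the other options really were saved) would help the next reader.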