Added checks and error displays when exceeding post_max_size and upload_max_filesize limits

qa-include/qa-base.php

@@ -1038,6 +1038,33 @@
 	}
 
 
+	function qa_is_post_max_size_limit_exceeded()
+/*
+	Checks whether an HTTP request has exceeded the post_max_size PHP variable. This happens whenever an HTTP request
+	is too big to be properly processed by PHP, usually because there is an attachment in the HTTP request. A warning
+	is added to the server's log displaying the size of the file that triggered this situation. It is important to note
+	that whenever this happens the $_POST and $_FILES superglobals are empty.
+*/
+	{
+		if (in_array($_SERVER['REQUEST_METHOD'], array('POST', 'PUT')) && empty($_POST) && empty($_FILES)) {
+			$postmaxsize = ini_get('post_max_size');  // Gets the current post_max_size configuration
+			$unit = substr($postmaxsize, -1);
+			if (!is_numeric($unit)) {
+				$postmaxsize = substr($postmaxsize, 0, -1);
+			}
+			switch (strtoupper($unit)) {  // Gets an integer value that can be compared against the size of the HTTP request
+				case 'G':
+					$postmaxsize *= 1024;
+				case 'M':
+					$postmaxsize *= 1024;
+				case 'K':
+					$postmaxsize *= 1024;
+			}
+			return $_SERVER['CONTENT_LENGTH'] > $postmaxsize;
+		}
+	}
+
+
 	function qa_is_mobile_probably()
 /*
 	Return true if it appears that the page request is coming from a mobile client rather than a desktop/laptop web browser

qa-include/qa-lang-main.php

@@ -82,6 +82,7 @@
 		'edited' => 'edited',
 		'email_error' => 'An error occurred trying to send the email.',
 		'field_required' => 'Please enter something in this field',
+		'file_upload_limit_exceeded' => 'The size of the file exceeds the server\'s limits',
 		'general_error' => 'A server error occurred - please try again.',
 		'hidden' => 'hidden',
 		'highest_users' => 'Top scoring users',

qa-include/qa-page-admin-default.php

@@ -661,104 +661,111 @@
 
 	$formokhtml = null;
 
-	if (qa_clicked('doresetoptions')) {
-		if (!qa_check_form_security_code('admin/'.$adminsection, qa_post_text('code')))
-			$securityexpired = true;
+	// If the post_max_size is exceeded then the $_POST array is empty so no field processing can be done
+	if (qa_is_post_max_size_limit_exceeded())
+		$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');
+	else
+		if (qa_clicked('doresetoptions')) {
+			if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code')))
+				$securityexpired = true;
 
-		else {
-			qa_reset_options($getoptions);
-			$formokhtml = qa_lang_html('admin/options_reset');
-		}
-	}
-	elseif (qa_clicked('dosaveoptions')) {
-		if (!qa_check_form_security_code('admin/'.$adminsection, qa_post_text('code')))
-			$securityexpired = true;
+			else {
+				qa_reset_options($getoptions);
+				$formokhtml = qa_lang_html('admin/options_reset');
+			}
+		} elseif (qa_clicked('dosaveoptions')) {
+			if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code')))
+				$securityexpired = true;
 
-		else {
-			foreach ($getoptions as $optionname) {
-				$optionvalue = qa_post_text('option_'.$optionname);
-
-				if (
-					(@$optiontype[$optionname] == 'number') ||
-					(@$optiontype[$optionname] == 'checkbox') ||
-					((@$optiontype[$optionname] == 'number-blank') && strlen($optionvalue))
-				)
-					$optionvalue = (int)$optionvalue;
-
-				if (isset($optionmaximum[$optionname]))
-					$optionvalue = min($optionmaximum[$optionname], $optionvalue);
-
-				if (isset($optionminimum[$optionname]))
-					$optionvalue = max($optionminimum[$optionname], $optionvalue);
-
-				switch ($optionname) {
-					case 'site_url':
-						if (substr($optionvalue, -1) != '/') // seems to be a very common mistake and will mess up URLs
-							$optionvalue .= '/';
-						break;
-
-					case 'hot_weight_views':
-					case 'hot_weight_answers':
-					case 'hot_weight_votes':
-					case 'hot_weight_q_age':
-					case 'hot_weight_a_age':
-						if (qa_opt($optionname) != $optionvalue)
-							$recalchotness = true;
-						break;
-
-					case 'block_ips_write':
-						require_once QA_INCLUDE_DIR.'qa-app-limits.php';
-						$optionvalue = implode(' , ', qa_block_ips_explode($optionvalue));
-						break;
-
-					case 'block_bad_words':
-						require_once QA_INCLUDE_DIR.'qa-util-string.php';
-						$optionvalue = implode(' , ', qa_block_words_explode($optionvalue));
-						break;
+			else {
+				foreach ($getoptions as $optionname) {
+					$optionvalue = qa_post_text('option_' . $optionname);
+
+					if (
+							(@$optiontype[$optionname] == 'number') ||
+							(@$optiontype[$optionname] == 'checkbox') ||
+							((@$optiontype[$optionname] == 'number-blank') && strlen($optionvalue))
+					)
+						$optionvalue = (int) $optionvalue;
+
+					if (isset($optionmaximum[$optionname]))
+						$optionvalue = min($optionmaximum[$optionname], $optionvalue);
+
+					if (isset($optionminimum[$optionname]))
+						$optionvalue = max($optionminimum[$optionname], $optionvalue);
+
+					switch ($optionname) {
+						case 'site_url':
+							if (substr($optionvalue, -1) != '/') // seems to be a very common mistake and will mess up URLs
+								$optionvalue .= '/';
+							break;
+
+						case 'hot_weight_views':
+						case 'hot_weight_answers':
+						case 'hot_weight_votes':
+						case 'hot_weight_q_age':
+						case 'hot_weight_a_age':
+							if (qa_opt($optionname) != $optionvalue)
+								$recalchotness = true;
+							break;
+
+						case 'block_ips_write':
+							require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
+							$optionvalue = implode(' , ', qa_block_ips_explode($optionvalue));
+							break;
+
+						case 'block_bad_words':
+							require_once QA_INCLUDE_DIR . 'qa-util-string.php';
+							$optionvalue = implode(' , ', qa_block_words_explode($optionvalue));
+							break;
+					}
+
+					qa_set_option($optionname, $optionvalue);
 				}
 
-				qa_set_option($optionname, $optionvalue);
-			}
+				$formokhtml = qa_lang_html('admin/options_saved');
 
-			$formokhtml = qa_lang_html('admin/options_saved');
+				//	Uploading default avatar
+				if (is_array(@$_FILES['avatar_default_file'])) {
+					$avatarfileerror = $_FILES['avatar_default_file']['error'];
 
-		//	Uploading default avatar
+					// Note if $_FILES['avatar_default_file']['error'] === 1 then upload_max_filesize has been exceeded
+					if ($avatarfileerror === 1)
+						$errors['avatar_default_show'] = qa_lang('main/file_upload_limit_exceeded');
+					elseif ($avatarfileerror === 0 && $_FILES['avatar_default_file']['size'] > 0) {
+						require_once QA_INCLUDE_DIR . 'qa-util-image.php';
 
-			if (is_array(@$_FILES['avatar_default_file']) && $_FILES['avatar_default_file']['size']) {
-				require_once QA_INCLUDE_DIR.'qa-util-image.php';
+						$oldblobid = qa_opt('avatar_default_blobid');
 
-				$oldblobid = qa_opt('avatar_default_blobid');
+						$toobig = qa_image_file_too_big($_FILES['avatar_default_file']['tmp_name'], qa_opt('avatar_store_size'));
 
-				$toobig = qa_image_file_too_big($_FILES['avatar_default_file']['tmp_name'], qa_opt('avatar_store_size'));
+						if ($toobig)
+							$errors['avatar_default_show'] = qa_lang_sub('main/image_too_big_x_pc', (int) ($toobig * 100));
 
-				if ($toobig)
-					$errors['avatar_default_show'] = qa_lang_sub('main/image_too_big_x_pc', (int)($toobig*100));
+						else {
+							$imagedata = qa_image_constrain_data(file_get_contents($_FILES['avatar_default_file']['tmp_name']), $width, $height, qa_opt('avatar_store_size'));
 
-				else {
-					$imagedata = qa_image_constrain_data(file_get_contents($_FILES['avatar_default_file']['tmp_name']), $width, $height, qa_opt('avatar_store_size'));
+							if (isset($imagedata)) {
+								require_once QA_INCLUDE_DIR . 'qa-app-blobs.php';
 
-					if (isset($imagedata)) {
-						require_once QA_INCLUDE_DIR.'qa-app-blobs.php';
+								$newblobid = qa_create_blob($imagedata, 'jpeg');
 
-						$newblobid = qa_create_blob($imagedata, 'jpeg');
+								if (isset($newblobid)) {
+									qa_set_option('avatar_default_blobid', $newblobid);
+									qa_set_option('avatar_default_width', $width);
+									qa_set_option('avatar_default_height', $height);
+									qa_set_option('avatar_default_show', 1);
+								}
 
-						if (isset($newblobid)) {
-							qa_set_option('avatar_default_blobid', $newblobid);
-							qa_set_option('avatar_default_width', $width);
-							qa_set_option('avatar_default_height', $height);
-							qa_set_option('avatar_default_show', 1);
+								if (strlen($oldblobid))
+									qa_delete_blob($oldblobid);
+							} else
+								$errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
 						}
-
-						if (strlen($oldblobid))
-							qa_delete_blob($oldblobid);
-
 					}
-					else
-						$errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
 				}
 			}
 		}
-	}
 
 
 //	Mailings management