alecpl
2011-08-16 fe0cb657f1b3c0a5b097a4f7a2b670ea8c52997b
- Add client-side checking of uploaded files size


4 files modified
45 ■■■■■ changed files
CHANGELOG 1 ●●●●
program/include/main.inc 15 ●●●●●
program/js/app.js 12 ●●●●●
program/steps/mail/compose.inc 17 ●●●●
CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Add client-side checking of uploaded files size
- Add newlines between organization, department, jobtitle (#1488028)
- Recalculate date when replying to a message and localize the cite header (#1487675)
- Fix XSS vulnerability in UI messages (#1488030)
program/include/main.inc
@@ -2332,7 +2332,7 @@
    $RCMAIL->output->send();
}
function rcube_upload_progress_init()
function rcube_upload_init()
{
    global $RCMAIL;
@@ -2343,6 +2343,19 @@
            $RCMAIL->output->set_env('upload_progress_time', (int) $seconds);
        }
    }
    // find max filesize value
    $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
    $max_postsize = parse_bytes(ini_get('post_max_size'));
    if ($max_postsize && $max_postsize < $max_filesize)
        $max_filesize = $max_postsize;
    $RCMAIL->output->set_env('max_filesize', $max_filesize);
    $max_filesize = show_bytes($max_filesize);
    $RCMAIL->output->set_env('filesizeerror', rcube_label(array(
        'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize))));
    return $max_filesize;
}
/**
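Review bot: rcube_upload_init() returns the limit already formatted by show_bytes(), while the raw byte count goes only into the client environment, and nothing in the second hunk documents that. A short docblock saying that the function sets `max_filesize` and `filesizeerror` in the client environment and returns the human-readable limit would keep callers from treating the return value as a byte count. `$max_filesize` is also reused for both the integer and the string; a separate variable such as `$max_filesize_txt = show_bytes($max_filesize);` would make the type change visible. The first hunk renames rcube_upload_progress_init() without leaving an alias, so any caller outside this commit (a plugin, for instance) would fail on the old name; whether such callers exist cannot be seen from here.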
program/js/app.js
@@ -3253,11 +3253,21 @@
      return false;
    // get file input field, count files on capable browser
    var field = $('input[type=file]', form).get(0),
    var i, size = 0, field = $('input[type=file]', form).get(0),
      files = field.files ? field.files.length : field.value ? 1 : 0;
    // create hidden iframe and post upload form
    if (files) {
      // check file size
      if (field.files && this.env.max_filesize && this.env.filesizeerror) {
        for (i=0; i<files; i++)
          size += field.files[i].size;
        if (size && size > this.env.max_filesize) {
          this.display_message(this.env.filesizeerror, 'error');
          return;
        }
      }
      var frame_name = this.async_upload_form(form, 'upload', function(e) {
        var d, content = '';
        try {
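Review bot: The new check adds up the sizes of all selected files and compares the total with `this.env.max_filesize`, but main.inc sets that value to the smaller of upload_max_filesize (a per-file limit) and post_max_size (a whole-request limit). When upload_max_filesize is the smaller one, several files that are each within the limit are refused in the browser although the server would accept them. Comparing each file inside the loop, `if (field.files[i].size > this.env.max_filesize)`, and keeping the summed comparison for a separately exported post_max_size value would match what PHP enforces. The check is skipped when `field.files` is missing and any client can bypass it, so the upload handler still has to reject oversize requests itself; that handler is not part of this commit. The new early exit is a bare `return;` where the guard above it uses `return false;`, and the function continues outside the hunk.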
program/steps/mail/compose.inc
@@ -1206,20 +1206,11 @@
  if (!$attrib['id'])
    $attrib['id'] = 'rcmUploadbox';
  // Enable upload progress bar
  rcube_upload_progress_init();
  // Get filesize, enable upload progress bar
  $max_filesize = rcube_upload_init();
  // find max filesize value
  $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
  $max_postsize = parse_bytes(ini_get('post_max_size'));
  if ($max_postsize && $max_postsize < $max_filesize)
    $max_filesize = $max_postsize;
  $OUTPUT->set_env('max_filesize', $max_filesize);
  $max_filesize = show_bytes($max_filesize);
  $button = new html_inputfield(array('type' => 'button'));
  $out = html::div($attrib,
    $OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'),
      html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) .
@@ -1230,7 +1221,7 @@
      )
    )
  );
  $OUTPUT->add_gui_object('uploadbox', $attrib['id']);
  return $out;
}