From fe0cb657f1b3c0a5b097a4f7a2b670ea8c52997b Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Tue, 16 Aug 2011 08:11:21 -0400
Subject: [PATCH] - Add client-side checking of uploaded files size
---
CHANGELOG | 1 +
program/include/main.inc | 15 ++++++++++++++-
program/steps/mail/compose.inc | 17 ++++-------------
program/js/app.js | 12 +++++++++++-
4 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 73d57fc..1164bad 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Add client-side checking of uploaded files size
- Add newlines between organization, department, jobtitle (#1488028)
- Recalculate date when replying to a message and localize the cite header (#1487675)
- Fix XSS vulnerability in UI messages (#1488030)
diff --git a/program/include/main.inc b/program/include/main.inc
index d43f8ea..a3edbf7 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -2332,7 +2332,7 @@
$RCMAIL->output->send();
}
-function rcube_upload_progress_init()
+function rcube_upload_init()
{
global $RCMAIL;
@@ -2343,6 +2343,19 @@
$RCMAIL->output->set_env('upload_progress_time', (int) $seconds);
}
}
+
+ // find max filesize value
+ $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
+ $max_postsize = parse_bytes(ini_get('post_max_size'));
+ if ($max_postsize && $max_postsize < $max_filesize)
+ $max_filesize = $max_postsize;
+
+ $RCMAIL->output->set_env('max_filesize', $max_filesize);
+ $max_filesize = show_bytes($max_filesize);
+ $RCMAIL->output->set_env('filesizeerror', rcube_label(array(
+ 'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize))));
+
+ return $max_filesize;
}
/**
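Review bot: `$max_filesize` is reused in the added block for two different things: the byte count passed to `set_env('max_filesize', ...)` and then the `show_bytes()` display string that is returned, and nothing documents that the function returns the formatted string rather than bytes. A separate name for the formatted value, e.g. `$max_filesize_txt = show_bytes($max_filesize);`, plus a docblock line saying the return value is the human-readable limit, would keep callers from treating it as a number. A short comment that the exported `max_filesize` is only a client-side hint, and that PHP's `upload_max_filesize`/`post_max_size` remain the enforcement point, would also help. The start of the function body is outside this hunk, so I cannot confirm whether an earlier return path skips this block.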
diff --git a/program/js/app.js b/program/js/app.js
index a4fa419..717b21c 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3253,11 +3253,21 @@
return false;
// get file input field, count files on capable browser
- var field = $('input[type=file]', form).get(0),
+ var i, size = 0, field = $('input[type=file]', form).get(0),
files = field.files ? field.files.length : field.value ? 1 : 0;
// create hidden iframe and post upload form
if (files) {
+ // check file size
+ if (field.files && this.env.max_filesize && this.env.filesizeerror) {
+ for (i=0; i<files; i++)
+ size += field.files[i].size;
+ if (size && size > this.env.max_filesize) {
+ this.display_message(this.env.filesizeerror, 'error');
+ return;
+ }
+ }
+
var frame_name = this.async_upload_form(form, 'upload', function(e) {
var d, content = '';
try {
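Review bot: The added loop sums the sizes of all selected files and compares the total with `this.env.max_filesize`, but main.inc derives that value from `upload_max_filesize`, which PHP applies per file, capped by `post_max_size`; several files that are each under the per-file limit can therefore be rejected here even though their total fits within `post_max_size`. Comparing each file on its own, `if (field.files[i].size > this.env.max_filesize)`, and exporting the post limit separately for the sum would match what the server accepts. The new early exit uses a bare `return;` while an earlier line in the hunk uses `return false;`, so the two should be made consistent. This check is a convenience for the user only: the server-side upload handling still has to cope with oversized requests, because `field.files` and the env values are under the client's control. The enclosing function starts and ends outside the hunk.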
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 31de0d9..9a94ff7 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -1206,20 +1206,11 @@
if (!$attrib['id'])
$attrib['id'] = 'rcmUploadbox';
- // Enable upload progress bar
- rcube_upload_progress_init();
+ // Get filesize, enable upload progress bar
+ $max_filesize = rcube_upload_init();
- // find max filesize value
- $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
- $max_postsize = parse_bytes(ini_get('post_max_size'));
- if ($max_postsize && $max_postsize < $max_filesize)
- $max_filesize = $max_postsize;
-
- $OUTPUT->set_env('max_filesize', $max_filesize);
- $max_filesize = show_bytes($max_filesize);
-
$button = new html_inputfield(array('type' => 'button'));
-
+
$out = html::div($attrib,
$OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'),
html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) .
@@ -1230,7 +1221,7 @@
)
)
);
-
+
$OUTPUT->add_gui_object('uploadbox', $attrib['id']);
return $out;
}