- Add client-side checking of uploaded files size

4 files changed, 30 insertions, 15 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 73d57fc91..1164bad48 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Add client-side checking of uploaded files size
 - Add newlines between organization, department, jobtitle (#1488028)
 - Recalculate date when replying to a message and localize the cite header (#1487675)
 - Fix XSS vulnerability in UI messages (#1488030)
diff --git a/program/include/main.inc b/program/include/main.inc
index d43f8ea50..a3edbf7ca 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -2332,7 +2332,7 @@ function rcube_upload_progress()
     $RCMAIL->output->send();
 }
 
-function rcube_upload_progress_init()
+function rcube_upload_init()
 {
     global $RCMAIL;
 
@@ -2343,6 +2343,19 @@ function rcube_upload_progress_init()
             $RCMAIL->output->set_env('upload_progress_time', (int) $seconds);
         }
     }
+
+    // find max filesize value
+    $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
+    $max_postsize = parse_bytes(ini_get('post_max_size'));
+    if ($max_postsize && $max_postsize < $max_filesize)
+        $max_filesize = $max_postsize;
+
+    $RCMAIL->output->set_env('max_filesize', $max_filesize);
+    $max_filesize = show_bytes($max_filesize);
+    $RCMAIL->output->set_env('filesizeerror', rcube_label(array(
+        'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize))));
+
+    return $max_filesize;
 }
 
 /**
diff --git a/program/js/app.js b/program/js/app.js
index a4fa4194b..717b21cfe 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3253,11 +3253,21 @@ function rcube_webmail()
       return false;
 
     // get file input field, count files on capable browser
-    var field = $('input[type=file]', form).get(0),
+    var i, size = 0, field = $('input[type=file]', form).get(0),
       files = field.files ? field.files.length : field.value ? 1 : 0;
 
     // create hidden iframe and post upload form
     if (files) {
+      // check file size
+      if (field.files && this.env.max_filesize && this.env.filesizeerror) {
+        for (i=0; i<files; i++)
+          size += field.files[i].size;
+        if (size && size > this.env.max_filesize) {
+          this.display_message(this.env.filesizeerror, 'error');
+          return;
+        }
+      }
+
       var frame_name = this.async_upload_form(form, 'upload', function(e) {
         var d, content = '';
         try {
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 31de0d9ee..9a94ff742 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -1206,20 +1206,11 @@ function rcmail_compose_attachment_form($attrib)
   if (!$attrib['id'])
     $attrib['id'] = 'rcmUploadbox';
 
-  // Enable upload progress bar
-  rcube_upload_progress_init();
+  // Get filesize, enable upload progress bar
+  $max_filesize = rcube_upload_init();
 
-  // find max filesize value
-  $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
-  $max_postsize = parse_bytes(ini_get('post_max_size'));
-  if ($max_postsize && $max_postsize < $max_filesize)
-    $max_filesize = $max_postsize;
-
-  $OUTPUT->set_env('max_filesize', $max_filesize);
-  $max_filesize = show_bytes($max_filesize);
-  
   $button = new html_inputfield(array('type' => 'button'));
-  
+
   $out = html::div($attrib,
     $OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'),
       html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) .
@@ -1230,7 +1221,7 @@ function rcmail_compose_attachment_form($attrib)
       )
     )
   );
-  
+
   $OUTPUT->add_gui_object('uploadbox', $attrib['id']);
   return $out;
 }