author | alecpl <alec@alec.pl> | 2011-08-16 12:11:21 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2011-08-16 12:11:21 +0000 |
commit | fe0cb657f1b3c0a5b097a4f7a2b670ea8c52997b (patch) | |
tree | 9c71d5b15da006ccc2289c03b4ed0e1b2a2be3bd | |
parent | faf10e8fec3dcd4439a3a22cb2e3877c4b622b33 (diff) |
- Add client-side checking of uploaded files size
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/include/main.inc | 15 | ||||
-rw-r--r-- | program/js/app.js | 12 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 17 |
4 files changed, 30 insertions, 15 deletions
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
+- Add client-side checking of uploaded files size
 - Add newlines between organization, department, jobtitle (#1488028)
 - Recalculate date when replying to a message and localize the cite header (#1487675)
 - Fix XSS vulnerability in UI messages (#1488030)
diff --git a/program/include/main.inc b/program/include/main.inc
index d43f8ea50..a3edbf7ca 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -2332,7 +2332,7 @@ function rcube_upload_progress()
 $RCMAIL->output->send();
 }
-function rcube_upload_progress_init()
+function rcube_upload_init()
 {
 global $RCMAIL;
@@ -2343,6 +2343,19 @@ function rcube_upload_progress_init()
 $RCMAIL->output->set_env('upload_progress_time', (int) $seconds);
 }
 }
+
+ // find max filesize value
+ $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
+ $max_postsize = parse_bytes(ini_get('post_max_size'));
+ if ($max_postsize && $max_postsize < $max_filesize)
+ $max_filesize = $max_postsize;
+
+ $RCMAIL->output->set_env('max_filesize', $max_filesize);
+ $max_filesize = show_bytes($max_filesize);
+ $RCMAIL->output->set_env('filesizeerror', rcube_label(array(
+ 'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize))));
+
+ return $max_filesize;
 }
 /**
diff --git a/program/js/app.js b/program/js/app.js
index a4fa4194b..717b21cfe 100644
--- a/program/js/app.js
+++ b/program/js/app.js
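Review bot: rcube_upload_init() has no docblock, and the lines added after the progress-bar setup reuse `$max_filesize` for two different things: the byte count passed to `set_env('max_filesize', ...)` and then the `show_bytes()` string that the function returns. A docblock such as `/** Sets the upload progress and size-limit env values; returns the size limit formatted for display (string). */` would make the return type explicit, and a separate local for the formatted value would avoid the type switch. The docblock should also say that the `max_filesize` value sent to the client only drives a convenience check in app.js. The limits that count remain the ones PHP applies to the request (upload_max_filesize, post_max_size), together with whatever the upload handler does on failure, and that handler is not part of this diff. The function's opening lines are in the previous hunk.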
@@ -3253,11 +3253,21 @@ function rcube_webmail()
 return false;
 // get file input field, count files on capable browser
- var field = $('input[type=file]', form).get(0),
+ var i, size = 0, field = $('input[type=file]', form).get(0),
 files = field.files ? field.files.length : field.value ? 1 : 0;
 // create hidden iframe and post upload form
 if (files) {
+ // check file size
+ if (field.files && this.env.max_filesize && this.env.filesizeerror) {
+ for (i=0; i<files; i++)
+ size += field.files[i].size;
+ if (size && size > this.env.max_filesize) {
+ this.display_message(this.env.filesizeerror, 'error');
+ return;
+ }
+ }
+
 var frame_name = this.async_upload_form(form, 'upload', function(e) {
 var d, content = '';
 try {
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 31de0d9ee..9a94ff742 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -1206,20 +1206,11 @@ function rcmail_compose_attachment_form($attrib)
 if (!$attrib['id'])
 $attrib['id'] = 'rcmUploadbox';
- // Enable upload progress bar
- rcube_upload_progress_init();
+ // Get filesize, enable upload progress bar
+ $max_filesize = rcube_upload_init();
- // find max filesize value
- $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
- $max_postsize = parse_bytes(ini_get('post_max_size'));
- if ($max_postsize && $max_postsize < $max_filesize)
- $max_filesize = $max_postsize;
-
- $OUTPUT->set_env('max_filesize', $max_filesize);
- $max_filesize = show_bytes($max_filesize);
-
 $button = new html_inputfield(array('type' => 'button'));
-
+
 $out = html::div($attrib,
 $OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'),
 html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) .
@@ -1230,7 +1221,7 @@ function rcmail_compose_attachment_form($attrib)
 )
 )
 );
-
+
 $OUTPUT->add_gui_object('uploadbox', $attrib['id']);
 return $out;
 } |
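Review bot: The size check added inside `if (files)` sums the sizes of all selected files and compares the total with `this.env.max_filesize`, but that value is the smaller of upload_max_filesize and post_max_size (see rcube_upload_init in main.inc), and PHP applies upload_max_filesize to each file rather than to the whole request. When several files are selected, a set whose total exceeds upload_max_filesize can be refused here even though every file is under that limit and the request is under post_max_size, so the server would have accepted it. Comparing each `field.files[i].size` with the per-file limit and only the sum with the post limit would match the server's behaviour; that needs the two values exposed to the client separately. The early exit also uses a bare `return;` where the guard at the top of the hunk uses `return false;`, which matters if any caller reads the result. The enclosing function starts and ends outside the hunk.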