authoralecpl <alec@alec.pl>2011-08-16 12:11:21 +0000
committeralecpl <alec@alec.pl>2011-08-16 12:11:21 +0000
commitfe0cb657f1b3c0a5b097a4f7a2b670ea8c52997b (patch)
tree9c71d5b15da006ccc2289c03b4ed0e1b2a2be3bd
parentfaf10e8fec3dcd4439a3a22cb2e3877c4b622b33 (diff)
- Add client-side checking of uploaded files size
-rw-r--r--CHANGELOG1
-rw-r--r--program/include/main.inc15
-rw-r--r--program/js/app.js12
-rw-r--r--program/steps/mail/compose.inc17
4 files changed, 30 insertions, 15 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 73d57fc91..1164bad48 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Add client-side checking of uploaded files size
- Add newlines between organization, department, jobtitle (#1488028)
- Recalculate date when replying to a message and localize the cite header (#1487675)
- Fix XSS vulnerability in UI messages (#1488030)
diff --git a/program/include/main.inc b/program/include/main.inc
index d43f8ea50..a3edbf7ca 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -2332,7 +2332,7 @@ function rcube_upload_progress()
$RCMAIL->output->send();
}
-function rcube_upload_progress_init()
+function rcube_upload_init()
{
global $RCMAIL;
@@ -2343,6 +2343,19 @@ function rcube_upload_progress_init()
$RCMAIL->output->set_env('upload_progress_time', (int) $seconds);
}
}
+
+ // find max filesize value
+ $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
+ $max_postsize = parse_bytes(ini_get('post_max_size'));
+ if ($max_postsize && $max_postsize < $max_filesize)
+ $max_filesize = $max_postsize;
+
+ $RCMAIL->output->set_env('max_filesize', $max_filesize);
+ $max_filesize = show_bytes($max_filesize);
+ $RCMAIL->output->set_env('filesizeerror', rcube_label(array(
+ 'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize))));
+
+ return $max_filesize;
}
/**
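Review bot: `$max_filesize` holds the byte count up to the `set_env('max_filesize', ...)` call and is then overwritten with the `show_bytes()` display string, which is what the function returns; a separate name, e.g. `$max_filesize_txt = show_bytes($max_filesize);`, would make it harder to mistake the return value for a number. The function now sets up both the progress bar and the size limit, and no doc comment for it is visible in the hunk; I would add one stating that it sets `max_filesize` (bytes) and `filesizeerror` in the client environment and returns the limit formatted for display. Since `rcube_upload_progress_init()` is renamed in the preceding hunk without an alias, any caller not touched by this commit would fail with an undefined function, which cannot be checked from the lines shown. The function body starts outside this hunk.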
diff --git a/program/js/app.js b/program/js/app.js
index a4fa4194b..717b21cfe 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3253,11 +3253,21 @@ function rcube_webmail()
return false;
// get file input field, count files on capable browser
- var field = $('input[type=file]', form).get(0),
+ var i, size = 0, field = $('input[type=file]', form).get(0),
files = field.files ? field.files.length : field.value ? 1 : 0;
// create hidden iframe and post upload form
if (files) {
+ // check file size
+ if (field.files && this.env.max_filesize && this.env.filesizeerror) {
+ for (i=0; i<files; i++)
+ size += field.files[i].size;
+ if (size && size > this.env.max_filesize) {
+ this.display_message(this.env.filesizeerror, 'error');
+ return;
+ }
+ }
+
var frame_name = this.async_upload_form(form, 'upload', function(e) {
var d, content = '';
try {
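Review bot: The new check sums the sizes of all selected files and compares the total with `this.env.max_filesize`, but per the main.inc change in this commit that value is the smaller of `upload_max_filesize` (a per-file limit) and `post_max_size` (a per-request limit). When the per-file limit is the smaller one, several files that each fit can be rejected in the browser although the server would presumably accept them; publishing both limits and testing each `field.files[i].size` against the per-file one and the sum against the post limit would match the server more closely. The check runs only where `field.files` exists and nothing on the client guarantees it is executed, so it is a usability hint, and a comment such as `// UI hint only, the server-side limit remains authoritative` would keep readers from treating it as enforcement. The new branch also uses a bare `return;` where the guard a few lines above uses `return false;`. The enclosing function starts and ends outside the hunk.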
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 31de0d9ee..9a94ff742 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -1206,20 +1206,11 @@ function rcmail_compose_attachment_form($attrib)
if (!$attrib['id'])
$attrib['id'] = 'rcmUploadbox';
- // Enable upload progress bar
- rcube_upload_progress_init();
+ // Get filesize, enable upload progress bar
+ $max_filesize = rcube_upload_init();
- // find max filesize value
- $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
- $max_postsize = parse_bytes(ini_get('post_max_size'));
- if ($max_postsize && $max_postsize < $max_filesize)
- $max_filesize = $max_postsize;
-
- $OUTPUT->set_env('max_filesize', $max_filesize);
- $max_filesize = show_bytes($max_filesize);
-
$button = new html_inputfield(array('type' => 'button'));
-
+
$out = html::div($attrib,
$OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'),
html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) .
@@ -1230,7 +1221,7 @@ function rcmail_compose_attachment_form($attrib)
)
)
);
-
+
$OUTPUT->add_gui_object('uploadbox', $attrib['id']);
return $out;
}