author | Nils Adermann <naderman@naderman.de> | 2010-05-14 01:19:49 +0200 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2010-05-14 01:19:49 +0200 |
commit | 5fb945c220656b36a42c9d621b692c1c69826c74 (patch) | |
tree | 3c98dd93bf43cfb9eb8dded8991b2821cccfe2a5 | |
parent | 91399fd3571fc2fe95eb680564cad6103adadf59 (diff) | |
parent | e4398ef42e8b50978f23cfb6c9145763ab0156ae (diff) | |
Merge branch 'feature/bantu/remote_upload-filesize' into develop-olympus
* feature/bantu/remote_upload-filesize:
[feature/remote_upload-filesize] Also check HTTP content-length before actually starting the file transfer.
[feature/remote_upload-filesize] When transferring files from a remote webserver, abort the transfer as soon as the allowed filesize has been exceeded.
-rw-r--r-- | phpBB/includes/functions_upload.php | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 054af29045..51fed45ebd 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -775,7 +775,18 @@ class fileupload
 {
 if ($get_info)
 {
- $data .= @fread($fsock, 1024);
+ $block = @fread($fsock, 1024);
+ $filesize += strlen($block);
+
+ if ($this->max_filesize && $filesize > $this->max_filesize)
+ {
+ $max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+ $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+ return $file;
+ }
+
+ $data .= $block;
 }
 else
 {
@@ -791,6 +802,18 @@ class fileupload
 {
 $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
 }
+ else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
+ {
+ $length = (int) str_replace('content-length: ', '', strtolower($line));
+
+ if ($length && $length > $this->max_filesize)
+ {
+ $max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+ $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+ return $file;
+ }
+ }
 else if (stripos($line, '404 not found') !== false)
 {
 $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
 |
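Review bot: The early `return $file;` in the new size check (first hunk, inside the `if ($get_info)` branch) leaves `$fsock` open, so a remote server that trips the limit keeps its connection held until PHP tears the request down; add `@fclose($fsock);` before the return. The running total relies on `$filesize` starting at 0, and its initialisation is outside this hunk, so confirm it is set before the read loop. This counter is the control that actually bounds how much remote data is buffered into `$data`, and a short comment such as `// Enforce max_filesize on bytes actually received; Content-Length is only a hint.` would keep it from being removed later as redundant. The enclosing method begins and ends outside the hunk.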
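Review bot: The Content-Length test in the added `else if` (second hunk) matches the header name anywhere in the line and only when a space follows the colon, so a valid `Content-Length:123` line, or a line where the cast yields 0, silently skips the check. Anchoring and trimming makes the parse predictable: `stripos($line, 'content-length:') === 0` for the condition and `$length = (int) trim(substr($line, 15));` for the value. Because the header is supplied by the remote server, this branch can only ever be an early-out and the byte count in the read loop remains the real limit; a one-line comment saying so would help. The `WRONG_FILESIZE` error construction is now duplicated between the two hunks and would read better as a small private helper on `fileupload`.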