2 files changed, 53 insertions, 12 deletions
diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php
index 9ad12b1082..5a5b8a1874 100644
--- a/phpBB/phpbb/plupload/plupload.php
+++ b/phpBB/phpbb/plupload/plupload.php
@@ -274,22 +274,37 @@ class plupload
 	}
 
 	/**
-	* Checks various php.ini values and the maximum file size to determine
-	* the maximum size chunks a file can be split up into for upload
-	*
-	* @return int
-	*/
+	 * Checks various php.ini values to determine the maximum chunk
+	 * size a file should be split into for upload.
+	 *
+	 * The intention is to calculate a value which reflects whatever
+	 * the most restrictive limit is set to.  And to then set the chunk
+	 * size to half that value, to ensure any required transfer overhead
+	 * and POST data remains well within the limit.  Or, if all of the
+	 * limits are set to unlimited, the chunk size will also be unlimited.
+	 *
+	 * @return int
+	 *
+	 * @access public
+	 */
 	public function get_chunk_size()
 	{
-		$max = min(
+		$max = 0;
+
+		$limits = [
+			$this->php_ini->getBytes('memory_limit'),
 			$this->php_ini->getBytes('upload_max_filesize'),
 			$this->php_ini->getBytes('post_max_size'),
-			max(1, $this->php_ini->getBytes('memory_limit')),
-			$this->config['max_filesize']
-		);
+		];
+
+		foreach ($limits as $limit_type)
+		{
+			if ($limit_type > 0)
+			{
+				$max = ($max !== 0) ? min($limit_type, $max) : $limit_type;
+			}
+		}
 
-		// Use half of the maximum possible to leave plenty of room for other
-		// POST data.
 		return floor($max / 2);
 	}
 
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 38e40ba29e..7624a67b05 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -1077,7 +1077,7 @@ class session
 	*/
 	function set_cookie($name, $cookiedata, $cookietime, $httponly = true)
 	{
-		global $config;
+		global $config, $phpbb_dispatcher;
 
 		// If headers are already set, we just return
 		if (headers_sent())
@@ -1085,6 +1085,32 @@ class session
 			return;
 		}
 
+		$disable_cookie = false;
+		/**
+		* Event to modify or disable setting cookies
+		*
+		* @event core.set_cookie
+		* @var	bool		disable_cookie	Set to true to disable setting this cookie
+		* @var	string		name			Name of the cookie
+		* @var	string		cookiedata		The data to hold within the cookie
+		* @var	int			cookietime		The expiration time as UNIX timestamp
+		* @var	bool		httponly		Use HttpOnly?
+		* @since 3.2.9-RC1
+		*/
+		$vars = array(
+			'disable_cookie',
+			'name',
+			'cookiedata',
+			'cookietime',
+			'httponly',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars)));
+
+		if ($disable_cookie)
+		{
+			return;
+		}
+
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
 		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];