[BUGFIX] Limit upload chunk size to a reasonable value

Not really a bug but avoid users to fall in php configuration traps.
ref #303

Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7cb37f296a4f487dc4029f0e4f491ad90f35b42..d2598a01d108b141058941b6fc84d6d97f13af01 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,12 @@
 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
 
 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
 

+# version 4.5
+
+- Fix side effects of setting too high values in php configuration.
+
+New configuration items:
+-  `max_upload_chunk_size_bytes` option

 
 # version 4.4.0
 
 
 # version 4.4.0
 

diff --git a/index.php b/index.php
index 9edb3af0668ead01a07084a923f88d777925b537..9f1b0c721f7f6d9bf58ec414a726d61c8bd67516 100644 (file)
--- a/index.php
+++ b/index.php
@@ -269,7 +269,7 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
     onclick="
         document.getElementById('upload').style.display = 'none';
         document.getElementById('uploading').style.display = '';
     onclick="
         document.getElementById('upload').style.display = 'none';
         document.getElementById('uploading').style.display = '';

-        upload (<?php echo jirafeau_get_max_upload_size_bytes(); ?>);
+        upload (<?php echo jirafeau_get_max_upload_chunk_size_bytes($cfg['max_upload_chunk_size_bytes']); ?>);

     "/>
     </p>
         </table>
     "/>
     </p>
         </table>

diff --git a/lib/config.original.php b/lib/config.original.php
index 51364d06e7ddeb272b9581bba0eb670863638c10..ffff3ce843161f23534697296ce86320f2243f8f 100644 (file)
--- a/lib/config.original.php
+++ b/lib/config.original.php
@@ -210,3 +210,14 @@ $cfg['installation_done'] = false;
  * var- folder should kept secret and accessing it may lead to data leak if unprotected.
  */
 $cfg['debug'] = false;
  * var- folder should kept secret and accessing it may lead to data leak if unprotected.
  */
 $cfg['debug'] = false;

+
+/** Set Jirafeau's maximal upload chunk
+ * When Jirafeau upload a large file, Jirafeau sends several data chunks to fit server's capabilities.
+ * Jirafeau tries to upload each data chunk with the maximal size allowed by PHP (post_max_size and upload_max_filesize).
+ * However, too large PHP configuration values are not needed and could induce unwanted side effects (see #303).
+ * This parameter set Jirafeau's own maximal chunk size with a reasonable value.
+ * Option is only used for async uploads and won't be used for browsers without html5 support.
+ * You should not touch this parameter unless you have good reason to do so. Feel free to open an issue to ask questions.
+ * Set to 0 to remove limitation.
+ */
+$cfg['max_upload_chunk_size_bytes'] = 100000000; // 100MB

diff --git a/lib/functions.js.php b/lib/functions.js.php
index 2127dbbb3f6201700b94bfce53545189839a2d62..c1a81d8045c16bc2ecbb5c2346d3f2188404f676 100644 (file)
--- a/lib/functions.js.php
+++ b/lib/functions.js.php
@@ -596,14 +596,14 @@ function async_upload_end (code)
     req.send (form);
 }
 
     req.send (form);
 }
 

-function upload (max_size)
+function upload (max_chunk_size)

 {
     var one_time_checkbox = document.getElementById('one_time_download');
     var one_time = one_time_checkbox !== null ? one_time_checkbox.checked : false;
     if (check_html5_file_api ())
     {
         async_upload_start (
 {
     var one_time_checkbox = document.getElementById('one_time_download');
     var one_time = one_time_checkbox !== null ? one_time_checkbox.checked : false;
     if (check_html5_file_api ())
     {
         async_upload_start (

-            max_size,
+            max_chunk_size,

             document.getElementById('file_select').files[0],
             document.getElementById('select_time').value,
             document.getElementById('input_key').value,
             document.getElementById('file_select').files[0],
             document.getElementById('select_time').value,
             document.getElementById('input_key').value,

diff --git a/lib/functions.php b/lib/functions.php
index 46c004a101606e77623e07b860e6fa01bd8d35f2..4dcf5de235f94cb35c5670c17a495c8e26d51c93 100644 (file)
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -229,6 +229,21 @@ function jirafeau_get_max_upload_size()
     return jirafeau_human_size(jirafeau_get_max_upload_size_bytes());
 }
 
     return jirafeau_human_size(jirafeau_get_max_upload_size_bytes());
 }
 

+/**
+ * get the maximal upload size for a data chunk in async uploads
+ * @param max_upload_chunk_size_bytes
+ */
+function jirafeau_get_max_upload_chunk_size_bytes($max_upload_chunk_size_bytes = 0)
+{
+    if ($max_upload_chunk_size_bytes > 0) {
+        return min(
+            jirafeau_get_max_upload_size_bytes(),
+            $max_upload_chunk_size_bytes
+        );
+    }
+    return jirafeau_get_max_upload_size_bytes();
+}
+

 /**
  * gets a string explaining the error
  * @param $code the error code
 /**
  * gets a string explaining the error
  * @param $code the error code


@@ -835,7 +850,8 @@ function jirafeau_admin_bug_report($cfg)
         'enable_crypt',
         'preview',
         'maximal_upload_size',
         'enable_crypt',
         'preview',
         'maximal_upload_size',

-        'store_uploader_ip'
+        'store_uploader_ip',
+        'max_upload_chunk_size_bytes'

     ];
     foreach ($jirafeau_options as &$o) {
         $v = $cfg[$o];
     ];
     foreach ($jirafeau_options as &$o) {
         $v = $cfg[$o];