From: Jerome Jutteau Date: Sun, 3 Jul 2022 11:38:23 +0000 (+0200) Subject: [BUGFIX] Limit upload chunk size to a reasonable value X-Git-Tag: 4.5.0~25 X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/6eca3aa915782488ab0d688d7397c42e3fdf30b4?ds=sidebyside;hp=--cc [BUGFIX] Limit upload chunk size to a reasonable value Not really a bug but avoid users to fall in php configuration traps. ref #303 Signed-off-by: Jerome Jutteau --- 6eca3aa915782488ab0d688d7397c42e3fdf30b4 diff --git a/CHANGELOG.md b/CHANGELOG.md index c7cb37f..d2598a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. +# version 4.5 + +- Fix side effects of setting too high values in php configuration. + +New configuration items: +- `max_upload_chunk_size_bytes` option # version 4.4.0 diff --git a/index.php b/index.php index 9edb3af..9f1b0c7 100644 --- a/index.php +++ b/index.php @@ -269,7 +269,7 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { onclick=" document.getElementById('upload').style.display = 'none'; document.getElementById('uploading').style.display = ''; - upload (); + upload (); "/>

diff --git a/lib/config.original.php b/lib/config.original.php index 51364d0..ffff3ce 100644 --- a/lib/config.original.php +++ b/lib/config.original.php @@ -210,3 +210,14 @@ $cfg['installation_done'] = false; * var- folder should kept secret and accessing it may lead to data leak if unprotected. */ $cfg['debug'] = false; + +/** Set Jirafeau's maximal upload chunk + * When Jirafeau upload a large file, Jirafeau sends several data chunks to fit server's capabilities. + * Jirafeau tries to upload each data chunk with the maximal size allowed by PHP (post_max_size and upload_max_filesize). + * However, too large PHP configuration values are not needed and could induce unwanted side effects (see #303). + * This parameter set Jirafeau's own maximal chunk size with a reasonable value. + * Option is only used for async uploads and won't be used for browsers without html5 support. + * You should not touch this parameter unless you have good reason to do so. Feel free to open an issue to ask questions. + * Set to 0 to remove limitation. + */ +$cfg['max_upload_chunk_size_bytes'] = 100000000; // 100MB diff --git a/lib/functions.js.php b/lib/functions.js.php index 2127dbb..c1a81d8 100644 --- a/lib/functions.js.php +++ b/lib/functions.js.php @@ -596,14 +596,14 @@ function async_upload_end (code) req.send (form); } -function upload (max_size) +function upload (max_chunk_size) { var one_time_checkbox = document.getElementById('one_time_download'); var one_time = one_time_checkbox !== null ? one_time_checkbox.checked : false; if (check_html5_file_api ()) { async_upload_start ( - max_size, + max_chunk_size, document.getElementById('file_select').files[0], document.getElementById('select_time').value, document.getElementById('input_key').value, diff --git a/lib/functions.php b/lib/functions.php index 46c004a..4dcf5de 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -229,6 +229,21 @@ function jirafeau_get_max_upload_size() return jirafeau_human_size(jirafeau_get_max_upload_size_bytes()); } +/** + * get the maximal upload size for a data chunk in async uploads + * @param max_upload_chunk_size_bytes + */ +function jirafeau_get_max_upload_chunk_size_bytes($max_upload_chunk_size_bytes = 0) +{ + if ($max_upload_chunk_size_bytes > 0) { + return min( + jirafeau_get_max_upload_size_bytes(), + $max_upload_chunk_size_bytes + ); + } + return jirafeau_get_max_upload_size_bytes(); +} + /** * gets a string explaining the error * @param $code the error code @@ -835,7 +850,8 @@ function jirafeau_admin_bug_report($cfg) 'enable_crypt', 'preview', 'maximal_upload_size', - 'store_uploader_ip' + 'store_uploader_ip', + 'max_upload_chunk_size_bytes' ]; foreach ($jirafeau_options as &$o) { $v = $cfg[$o];