- Add client-side checking of uploaded files size

13 years ago · fe0cb657f1
parent faf10e8fec
commit fe0cb657f1
4 changed files with 30 additions and 15 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Add client-side checking of uploaded files size
 - Add newlines between organization, department, jobtitle (#1488028)
 - Recalculate date when replying to a message and localize the cite header (#1487675)
 - Fix XSS vulnerability in UI messages (#1488030)
--- a/program/include/main.inc
+++ b/program/include/main.inc
@ -2332,7 +2332,7 @@ function rcube_upload_progress()
    $RCMAIL->output->send();
 }

-function rcube_upload_progress_init()
+function rcube_upload_init()
 {
    global $RCMAIL;

@ -2343,6 +2343,19 @@ function rcube_upload_progress_init()
            $RCMAIL->output->set_env('upload_progress_time', (int) $seconds);
        }
    }
+
+    // find max filesize value
+    $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
+    $max_postsize = parse_bytes(ini_get('post_max_size'));
+    if ($max_postsize && $max_postsize < $max_filesize)
+        $max_filesize = $max_postsize;
+
+    $RCMAIL->output->set_env('max_filesize', $max_filesize);
+    $max_filesize = show_bytes($max_filesize);
+    $RCMAIL->output->set_env('filesizeerror', rcube_label(array(
+        'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize))));
+
+    return $max_filesize;
 }

 /**
--- a/program/js/app.js
+++ b/program/js/app.js
@ -3253,11 +3253,21 @@ function rcube_webmail()
      return false;

    // get file input field, count files on capable browser
-    var field = $('input[type=file]', form).get(0),
+    var i, size = 0, field = $('input[type=file]', form).get(0),
      files = field.files ? field.files.length : field.value ? 1 : 0;

    // create hidden iframe and post upload form
    if (files) {
+      // check file size
+      if (field.files && this.env.max_filesize && this.env.filesizeerror) {
+        for (i=0; i<files; i++)
+          size += field.files[i].size;
+        if (size && size > this.env.max_filesize) {
+          this.display_message(this.env.filesizeerror, 'error');
+          return;
+        }
+      }
+
      var frame_name = this.async_upload_form(form, 'upload', function(e) {
        var d, content = '';
        try {
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@ -1206,20 +1206,11 @@ function rcmail_compose_attachment_form($attrib)
  if (!$attrib['id'])
    $attrib['id'] = 'rcmUploadbox';

-  // Enable upload progress bar
-  rcube_upload_progress_init();
+  // Get filesize, enable upload progress bar
+  $max_filesize = rcube_upload_init();

-  // find max filesize value
-  $max_filesize = parse_bytes(ini_get('upload_max_filesize'));
-  $max_postsize = parse_bytes(ini_get('post_max_size'));
-  if ($max_postsize && $max_postsize < $max_filesize)
-    $max_filesize = $max_postsize;
-
-  $OUTPUT->set_env('max_filesize', $max_filesize);
-  $max_filesize = show_bytes($max_filesize);
-  
  $button = new html_inputfield(array('type' => 'button'));
-  
+
  $out = html::div($attrib,
    $OUTPUT->form_tag(array('name' => 'uploadform', 'method' => 'post', 'enctype' => 'multipart/form-data'),
      html::div(null, rcmail_compose_attachment_field(array('size' => $attrib['attachmentfieldsize']))) .
@ -1230,7 +1221,7 @@ function rcmail_compose_attachment_form($attrib)
      )
    )
  );
-  
+
  $OUTPUT->add_gui_object('uploadbox', $attrib['id']);
  return $out;
 }