[Rt-commit] rt branch, 4.4/check-uploaded-file-size, created. rt-4.4.2-100-ge80e40f081

? sunnavy sunnavy at bestpractical.com
Fri Dec 21 08:34:51 EST 2018


The branch, 4.4/check-uploaded-file-size has been created
        at  e80e40f08185fc4e4c182172e0ed0f8e9c06efed (commit)

- Log -----------------------------------------------------------------
commit 3a5e2ad365f45dd267059f8b83b35fe7a0ecaedf
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri Mar 16 21:51:10 2018 +0800

    Check uploaded file size at server side for Dropzone
    
    At client side, we have "maxFilesize" config, which could prevent
    oversized files from being uploaded but it's not always accurate because
    of the encoding overhead for dbs without binary safe blobs support.
    
    Besides, it's more reliable to check size at server side considering
    client js code could be easily modified.

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index aff0f4801c..5a7eef1b02 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -2485,6 +2485,9 @@ sub ProcessAttachments {
     my %args = (
         ARGSRef => {},
         Token   => '',
+        # For back-compatibility, CheckSize is not enabled by default. But for
+        # callers that mean to check returned values, it's safe to enable.
+        CheckSize => wantarray ? 1 : 0,
         @_
     );
 
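Review bot: The `CheckSize => wantarray ? 1 : 0` default ties enforcement of `MaxAttachmentSize` to the caller's calling context, so a caller that invokes ProcessAttachments in void or scalar context still accepts oversized uploads, with nothing at the call site showing that the limit is off. The commit message wants a server-side limit that holds even when client JS is modified, so it would be safer for each call site to pass `CheckSize => 1` explicitly and handle the returned status. Callers outside this diff are not visible here and should be audited for ones that still skip the check. At minimum the comment could state the rule directly, e.g. `# NOTE: size is enforced only in list context or when CheckSize => 1 is passed`. The body of ProcessAttachments continues outside this hunk.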
@@ -2512,11 +2515,30 @@ sub ProcessAttachments {
         # hence it was not decoded along with all of the standard
         # arguments in DecodeARGS
         my $file_path = Encode::decode( "UTF-8", "$new");
+
+        if ( $args{CheckSize} and my $max_size = RT->Config->Get( 'MaxAttachmentSize' ) ) {
+            my $content = $attachment->bodyhandle->as_string;
+
+            # The same encoding overhead as in Record.pm
+            $max_size *= 3 / 4 if !$RT::Handle->BinarySafeBLOBs && $content =~ /\x00/;
+            if ( length $content > $max_size ) {
+                my $file_name = ( File::Spec->splitpath( $file_path ) )[ 2 ];
+                return (
+                    0,
+                    loc(
+                        "File '[_1]' size([_2] bytes) exceeds limit([_3] bytes)",
+                        $file_name, length $content, $max_size
+                    )
+                );
+            }
+        }
+
         $session{'Attachments'}{ $token }{ $file_path } = $attachment;
 
         $update_session = 1;
     }
     $session{'Attachments'} = $session{'Attachments'} if $update_session;
+    return 1;
 }
 
 
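Review bot: The early `return ( 0, ... )` in the oversize branch exits before the `$session{'Attachments'} = $session{'Attachments'} if $update_session;` write-back, so if `$update_session` was already set earlier in ProcessAttachments (that code is outside the hunk), the earlier change may not be persisted when an upload is rejected. Consider doing the write-back before returning, or recording the error and falling through to the common exit. Separately, `$attachment->bodyhandle->as_string` copies the whole body into memory just to measure it, and the check runs only after the request has been fully received, so a request-size limit at the web server is still needed to bound resource use. Because `$max_size *= 3 / 4` can produce a fraction, the limit printed in the message may not be a whole number of bytes; `int(...)` would fix that if it stays consistent with the calculation in Record.pm.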
diff --git a/share/html/Helpers/Upload/Add b/share/html/Helpers/Upload/Add
index 2e8b064aa8..b54cf3f589 100644
--- a/share/html/Helpers/Upload/Add
+++ b/share/html/Helpers/Upload/Add
@@ -51,8 +51,16 @@ $Token => ''
 
 <%init>
 
-ProcessAttachments( Token => $Token, ARGSRef => \%ARGS );
-$r->content_type('application/json; charset=utf-8');
-$m->out( JSON({status => 'success'}) );
+my ( $status, $msg ) = ProcessAttachments( Token => $Token, ARGSRef => \%ARGS );
+if ( $status ) {
+    $r->content_type( 'application/json; charset=utf-8' );
+    $m->out( JSON( { status => 'success' } ) );
+}
+else {
+    $r->status( 400 );
+    $r->content_type( 'text/plain; charset=utf-8' );
+    $m->out( $msg );
+}
+
 $m->abort;
 </%init>
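Review bot: In the `else` branch, `$msg` contains the file name taken from the upload (built in ProcessAttachments from `$file_path`), so the 400 response body reflects client-supplied text. It is served as `text/plain`, but the client code that displays the error is not part of this diff and should insert the message as text rather than HTML. The success path returns JSON while the failure path returns plain text; if that asymmetry is deliberate for the Dropzone client, a one-line comment above `$r->content_type( 'text/plain; charset=utf-8' );` saying so would help. The same applies to the identical hunk in share/html/SelfService/Helpers/Upload/Add.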
diff --git a/share/html/SelfService/Helpers/Upload/Add b/share/html/SelfService/Helpers/Upload/Add
index 2e8b064aa8..b54cf3f589 100644
--- a/share/html/SelfService/Helpers/Upload/Add
+++ b/share/html/SelfService/Helpers/Upload/Add
@@ -51,8 +51,16 @@ $Token => ''
 
 <%init>
 
-ProcessAttachments( Token => $Token, ARGSRef => \%ARGS );
-$r->content_type('application/json; charset=utf-8');
-$m->out( JSON({status => 'success'}) );
+my ( $status, $msg ) = ProcessAttachments( Token => $Token, ARGSRef => \%ARGS );
+if ( $status ) {
+    $r->content_type( 'application/json; charset=utf-8' );
+    $m->out( JSON( { status => 'success' } ) );
+}
+else {
+    $r->status( 400 );
+    $r->content_type( 'text/plain; charset=utf-8' );
+    $m->out( $msg );
+}
+
 $m->abort;
 </%init>

commit e80e40f08185fc4e4c182172e0ed0f8e9c06efed
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri Dec 21 21:30:58 2018 +0800

    Make dropzone error mark obvious by using the same red color as error message

diff --git a/share/html/Ticket/Elements/AddAttachments b/share/html/Ticket/Elements/AddAttachments
index 1f968aabfc..9345411ce1 100644
--- a/share/html/Ticket/Elements/AddAttachments
+++ b/share/html/Ticket/Elements/AddAttachments
@@ -113,7 +113,7 @@ jQuery( function() {
             '            <title>' + loc_key('error') + '</title>' +
             '            <defs></defs>' +
             '            <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">' +
-            '                <g id="Check-+-Oval-2" sketch:type="MSLayerGroup" stroke="#747474" stroke-opacity="0.198794158" fill="#FFFFFF" fill-opacity="0.816519475">' +
+            '                <g id="Check-+-Oval-2" sketch:type="MSLayerGroup" stroke="#747474" stroke-opacity="0.198794158" fill="#BE2626" fill-opacity="0.816519475">' +
             '                    <path d="M32.6568542,29 L38.3106978,23.3461564 C39.8771021,21.7797521 39.8758057,19.2483887 38.3137085,17.6862915 C36.7547899,16.1273729 34.2176035,16.1255422 32.6538436,17.6893022 L27,23.3431458' +
             '                    L21.3461564,17.6893022 C19.7823965,16.1255422 17.2452101,16.1273729 15.6862915,17.6862915 C14.1241943,19.2483887 14.1228979,21.7797521 15.6893022,23.3461564 L21.3431458,29 L15.6893022,34.6538436' +
             '                    C14.1228979,36.2202479 14.1241943,38.7516113 15.6862915,40.3137085 C17.2452101,41.8726271 19.7823965,41.8744578 21.3461564,40.3106978 L27,34.6568542 L32.6538436,40.3106978 C34.2176035,41.8744578' +

-----------------------------------------------------------------------

