MDL-33766 files: Improved validation of areamaxbytes

lang/en/role.php

@@ -366,6 +366,7 @@
 $string['user:editownmessageprofile'] = 'Edit own user messaging profile';
 $string['user:editownprofile'] = 'Edit own user profile';
 $string['user:editprofile'] = 'Edit user profile';
+$string['user:ignoreuserquota'] = 'Ignore user quota limit';
 $string['user:loginas'] = 'Login as other users';
 $string['user:manageblocks'] = 'Manage blocks on user profile of other users';
 $string['user:manageownblocks'] = 'Manage blocks on own public user profile';

lib/filelib.php

@@ -29,6 +29,11 @@
  */
 define('BYTESERVING_BOUNDARY', 's1k2o3d4a5k6s7');
 
+/**
+ * Unlimited area size constant
+ */
+define('FILE_AREA_MAX_BYTES_UNLIMITED', -1);
+
 require_once("$CFG->libdir/filestorage/file_exceptions.php");
 require_once("$CFG->libdir/filestorage/file_storage.php");
 require_once("$CFG->libdir/filestorage/zip_packer.php");
@@ -484,14 +489,16 @@ function file_get_draft_area_info($draftitemid) {
 /**
  * Returns whether a draft area has exceeded/will exceed its size limit.
  *
+ * Please note that the unlimited value for $areamaxbytes is -1 {@link FILE_AREA_MAX_BYTES_UNLIMITED}, not 0.
+ *
  * @param int $draftitemid the draft area item id.
  * @param int $areamaxbytes the maximum size allowed in this draft area.
  * @param int $newfilesize the size that would be added to the current area.
  * @return bool true if the area will/has exceeded its limit.
  * @since 2.4
  */
 function file_is_draft_area_limit_reached($draftitemid, $areamaxbytes, $newfilesize = 0) {
-    if ($areamaxbytes != -1) {
+    if ($areamaxbytes != FILE_AREA_MAX_BYTES_UNLIMITED) {
         $draftinfo = file_get_draft_area_info($draftitemid);
         if ($draftinfo['filesize'] + $newfilesize > $areamaxbytes) {
             return true;
@@ -743,6 +750,9 @@ function file_save_draft_area_files($draftitemid, $contextid, $component, $filea
     if (!isset($options['maxbytes']) || $options['maxbytes'] == USER_CAN_IGNORE_FILE_SIZE_LIMITS) {
         $options['maxbytes'] = 0; // unlimited
     }
+    if (!isset($options['areamaxbytes'])) {
+        $options['areamaxbytes'] = FILE_AREA_MAX_BYTES_UNLIMITED; // Unlimited.
+    }
     $allowreferences = true;
     if (isset($options['return_types']) && !($options['return_types'] & FILE_REFERENCE)) {
         // we assume that if $options['return_types'] is NOT specified, we DO allow references.
@@ -751,6 +761,13 @@ function file_save_draft_area_files($draftitemid, $contextid, $component, $filea
         $allowreferences = false;
     }
 
+    // Check if the draft area has exceeded the authorised limit. This should never happen as validation
+    // should have taken place before, unless the user is doing something nauthly. If so, let's just not save
+    // anything at all in the next area.
+    if (file_is_draft_area_limit_reached($draftitemid, $options['areamaxbytes'])) {
+        return null;
+    }
+
     $draftfiles = $fs->get_area_files($usercontext->id, 'user', 'draft', $draftitemid, 'id');
     $oldfiles   = $fs->get_area_files($contextid, $component, $filearea, $itemid, 'id');
 

lib/form/dndupload.js

@@ -38,8 +38,8 @@ M.form_dndupload.init = function(Y, options) {
         acceptedtypes: [],
         // maximum size of files allowed in this form
         maxbytes: 0,
-        // maximum combined size of files allowed in this form
-        areamaxbytes: 0,
+        // Maximum combined size of files allowed in this form. {@link FILE_AREA_MAX_BYTES_UNLIMITED}
+        areamaxbytes: -1,
         // unqiue id of this form field used for html elements
         clientid: '',
         // upload repository id, used for upload
@@ -545,6 +545,7 @@ M.form_dndupload.init = function(Y, options) {
                 return false;
             }
             // The new file will cause the area to reach its limit, we cancel the upload of all files.
+            // -1 is the value defined by FILE_AREA_MAX_BYTES_UNLIMITED.
             if (this.options.areamaxbytes > -1) {
                 var sizereached = this.currentareasize + this.queuesize + file.size;
                 if (sizereached > this.options.areamaxbytes) {

lib/form/editor.php

@@ -51,8 +51,9 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
     public $_type       = 'editor';
 
     /** @var array options provided to initalize filepicker */
-    protected $_options    = array('subdirs'=>0, 'maxbytes'=>0, 'maxfiles'=>0, 'changeformat'=>0,
-                                   'context'=>null, 'noclean'=>0, 'trusttext'=>0, 'return_types'=>7);
+    protected $_options = array('subdirs' => 0, 'maxbytes' => 0, 'maxfiles' => 0, 'changeformat' => 0,
+            'areamaxbytes' => FILE_AREA_MAX_BYTES_UNLIMITED, 'context' => null, 'noclean' => 0, 'trusttext' => 0,
+            'return_types' => 7);
     // $_options['return_types'] = FILE_INTERNAL | FILE_EXTERNAL | FILE_REFERENCE
 
     /** @var array values for editor */
@@ -153,6 +154,24 @@ function setMaxbytes($maxbytes) {
         $this->_options['maxbytes'] = get_max_upload_file_size($CFG->maxbytes, $maxbytes);
     }
 
+     /**
+     * Returns the maximum size of the area.
+     *
+     * @return int
+     */
+    function getAreamaxbytes() {
+        return $this->_options['areamaxbytes'];
+    }
+
+    /**
+     * Sets the maximum size of the area.
+     *
+     * @param int $areamaxbytes size limit
+     */
+    function setAreamaxbytes($areamaxbytes) {
+        $this->_options['areamaxbytes'] = $areamaxbytes;
+    }
+
     /**
      * Returns maximum number of files which can be uploaded
      *
@@ -274,6 +293,7 @@ function toHtml() {
 
         $subdirs      = $this->_options['subdirs'];
         $maxbytes     = $this->_options['maxbytes'];
+        $areamaxbytes = $this->_options['areamaxbytes'];
         $maxfiles     = $this->_options['maxfiles'];
         $changeformat = $this->_options['changeformat']; // TO DO: implement as ajax calls
 
@@ -318,6 +338,7 @@ function toHtml() {
             $image_options->context = $ctx;
             $image_options->client_id = uniqid();
             $image_options->maxbytes = $this->_options['maxbytes'];
+            $image_options->areamaxbytes = $this->_options['areamaxbytes'];
             $image_options->env = 'editor';
             $image_options->itemid = $draftitemid;
 
@@ -327,6 +348,7 @@ function toHtml() {
             $media_options->context = $ctx;
             $media_options->client_id = uniqid();
             $media_options->maxbytes  = $this->_options['maxbytes'];
+            $media_options->areamaxbytes  = $this->_options['areamaxbytes'];
             $media_options->env = 'editor';
             $media_options->itemid = $draftitemid;
 
@@ -336,6 +358,7 @@ function toHtml() {
             $link_options->context = $ctx;
             $link_options->client_id = uniqid();
             $link_options->maxbytes  = $this->_options['maxbytes'];
+            $link_options->areamaxbytes  = $this->_options['areamaxbytes'];
             $link_options->env = 'editor';
             $link_options->itemid = $draftitemid;
 
@@ -389,6 +412,7 @@ function toHtml() {
                     'itemid'=>$draftitemid,
                     'subdirs'=>$subdirs,
                     'maxbytes'=>$maxbytes,
+                    'areamaxbytes' => $areamaxbytes,
                     'maxfiles'=>$maxfiles,
                     'ctx_id'=>$ctx->id,
                     'course'=>$PAGE->course->id,

lib/form/filemanager.php

@@ -48,7 +48,8 @@ class MoodleQuickForm_filemanager extends HTML_QuickForm_element {
     // PHP doesn't support 'key' => $value1 | $value2 in class definition
     // We cannot do $_options = array('return_types'=> FILE_INTERNAL | FILE_REFERENCE);
     // So I have to set null here, and do it in constructor
-    protected $_options    = array('mainfile'=>'', 'subdirs'=>1, 'maxbytes'=>-1, 'maxfiles'=>-1, 'accepted_types'=>'*', 'return_types'=> null, 'areamaxbytes' => -1);
+    protected $_options = array('mainfile' => '', 'subdirs' => 1, 'maxbytes' => -1, 'maxfiles' => -1,
+            'accepted_types' => '*', 'return_types' =>  null, 'areamaxbytes' => FILE_AREA_MAX_BYTES_UNLIMITED);
 
     /**
      * Constructor
@@ -290,6 +291,7 @@ class form_filemanager implements renderable {
      * @param stdClass $options options for filemanager
      *   default options are:
      *       maxbytes=>-1,
+     *       areamaxbytes => FILE_AREA_MAX_BYTES_UNLIMITED,
      *       maxfiles=>-1,
      *       itemid=>0,
      *       subdirs=>false,
@@ -306,6 +308,7 @@ public function __construct(stdClass $options) {
         require_once($CFG->dirroot. '/repository/lib.php');
         $defaults = array(
             'maxbytes'=>-1,
+            'areamaxbytes' => FILE_AREA_MAX_BYTES_UNLIMITED,
             'maxfiles'=>-1,
             'itemid'=>0,
             'subdirs'=>0,
@@ -381,6 +384,7 @@ public function get_nonjsurl() {
             'itemid'=>$this->options->itemid,
             'subdirs'=>$this->options->subdirs,
             'maxbytes'=>$this->options->maxbytes,
+            'areamaxbytes' => $this->options->areamaxbytes,
             'maxfiles'=>$this->options->maxfiles,
             'ctx_id'=>$PAGE->context->id, // TODO ?
             'course'=>$PAGE->course->id, // TODO ?

repository/draftfiles_manager.php

@@ -55,6 +55,7 @@
 $maxfiles    = optional_param('maxfiles', -1, PARAM_INT);    // maxfiles
 $maxbytes    = optional_param('maxbytes',  0, PARAM_INT);    // maxbytes
 $subdirs     = optional_param('subdirs',  0, PARAM_INT);    // maxbytes
+$areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT);    // Area maxbytes.
 
 // draft area
 $newdirname  = optional_param('newdirname', '',    PARAM_FILE);
@@ -70,7 +71,7 @@
 
 $fs = get_file_storage();
 
-$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
+$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
 $PAGE->set_url('/repository/draftfiles_manager.php', $params);
 $filepicker_url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", $params);
 

repository/filepicker.js

@@ -544,6 +544,7 @@ M.core_filepicker.init = function(Y, options) {
             params['client_id'] = args.client_id;
             params['itemid'] = this.options.itemid?this.options.itemid:0;
             params['maxbytes'] = this.options.maxbytes?this.options.maxbytes:-1;
+            // The unlimited value of areamaxbytes is -1, it is defined by FILE_AREA_MAX_BYTES_UNLIMITED.
             params['areamaxbytes'] = this.options.areamaxbytes ? this.options.areamaxbytes : -1;
             if (this.options.context && this.options.context.id) {
                 params['ctx_id'] = this.options.context.id;

repository/filepicker.php

@@ -59,6 +59,7 @@
 $maxfiles    = optional_param('maxfiles', -1,      PARAM_INT);    // maxfiles
 $maxbytes    = optional_param('maxbytes',  0,      PARAM_INT);    // maxbytes
 $subdirs     = optional_param('subdirs',  0,       PARAM_INT);    // maxbytes
+$areamaxbytes   = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT);    // Area maxbytes.
 $accepted_types = optional_param_array('accepted_types', '*', PARAM_RAW);
 
 // the path to save files
@@ -93,7 +94,7 @@
 // Make sure maxbytes passed is within site filesize limits.
 $maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $course->maxbytes, $maxbytes);
 
-$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
+$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
 $params['action'] = 'browse';
 $params['draftpath'] = $draftpath;
 $home_url = new moodle_url('/repository/draftfiles_manager.php', $params);
@@ -318,7 +319,7 @@
     $record->sortorder = 0;
 
     if ($repo->has_moodle_files()) {
-        $fileinfo = $repo->copy_to_area($reference, $record, $maxbytes);
+        $fileinfo = $repo->copy_to_area($reference, $record, $maxbytes, $areamaxbytes);
         redirect($home_url, get_string('downloadsucc', 'repository'));
     } else {
         $thefile = $repo->get_file($reference, $filename);
@@ -328,6 +329,11 @@
                 unlink($thefile['path']);
                 print_error('maxbytes');
             }
+            // Ensure the file will not make the area exceed its size limit.
+            if (file_is_draft_area_limit_reached($record->itemid, $areamaxbytes, $filesize)) {
+                unlink($thefile['path']);
+                print_error('maxareabytes');
+            }
             try {
                 $info = repository::move_to_filepool($thefile['path'], $record);
                 redirect($home_url, get_string('downloadsucc', 'repository'));

repository/lib.php

@@ -706,9 +706,11 @@ public function file_is_accessible($source) {
      *      attributes of the new file
      * @param int $maxbytes maximum allowed size of file, -1 if unlimited. If size of file exceeds
      *      the limit, the file_exception is thrown.
+     * @param int $areamaxbytes the maximum size of the area. A file_exception is thrown if the
+     *      new file will reach the limit.
      * @return array The information about the created file
      */
-    public function copy_to_area($source, $filerecord, $maxbytes = -1) {
+    public function copy_to_area($source, $filerecord, $maxbytes = -1, $areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED) {
         global $USER;
         $fs = get_file_storage();
 
@@ -732,6 +734,10 @@ public function copy_to_area($source, $filerecord, $maxbytes = -1) {
         if ($maxbytes != -1 && $stored_file->get_filesize() > $maxbytes) {
             throw new file_exception('maxbytes');
         }
+        // Validate the size of the draft area.
+        if (file_is_draft_area_limit_reached($draftitemid, $areamaxbytes, $stored_file->get_filesize())) {
+            throw new file_exception('maxareabytes');
+        }
 
         if (repository::draftfile_exists($draftitemid, $new_filepath, $new_filename)) {
             // create new file

repository/repository_ajax.php

@@ -46,7 +46,7 @@
 $req_path  = optional_param('p', '', PARAM_RAW);                // Path
 $accepted_types  = optional_param_array('accepted_types', '*', PARAM_RAW);
 $saveas_filename = optional_param('title', '', PARAM_FILE);     // save as file name
-$areamaxbytes  = optional_param('areamaxbytes', -1, PARAM_INT); // Area max bytes
+$areamaxbytes  = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); // Area max bytes.
 $saveas_path   = optional_param('savepath', '/', PARAM_PATH);   // save as file path
 $search_text   = optional_param('s', '', PARAM_CLEANHTML);
 $linkexternal  = optional_param('linkexternal', '', PARAM_ALPHA);
@@ -290,7 +290,7 @@
 
                 // If the moodle file is an alias we copy this alias, otherwise we copy the file
                 // {@link repository::copy_to_area()}.
-                $fileinfo = $repo->copy_to_area($reference, $record, $maxbytes);
+                $fileinfo = $repo->copy_to_area($reference, $record, $maxbytes, $areamaxbytes);
 
                 echo json_encode($fileinfo);
                 die;

repository/upload/lib.php

@@ -57,7 +57,7 @@ public function upload($saveas_filename, $maxbytes) {
         $itemid   = optional_param('itemid', 0, PARAM_INT);
         $license  = optional_param('license', $CFG->sitedefaultlicense, PARAM_TEXT);
         $author   = optional_param('author', '', PARAM_TEXT);
-        $areamaxbytes = optional_param('areamaxbytes', -1, PARAM_INT);
+        $areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT);
         $overwriteexisting = optional_param('overwrite', false, PARAM_BOOL);
 
         return $this->process_upload($saveas_filename, $maxbytes, $types, $savepath, $itemid, $license, $author, $overwriteexisting, $areamaxbytes);
@@ -73,10 +73,11 @@ public function upload($saveas_filename, $maxbytes) {
      * @param string $license optional the license to use for this file
      * @param string $author optional the name of the author of this file
      * @param bool $overwriteexisting optional user has asked to overwrite the existing file
+     * @param int $areamaxbytes maximum size of the file area.
      * @return object containing details of the file uploaded
      */
     public function process_upload($saveas_filename, $maxbytes, $types = '*', $savepath = '/', $itemid = 0,
-            $license = null, $author = '', $overwriteexisting = false, $areamaxbytes = -1) {
+            $license = null, $author = '', $overwriteexisting = false, $areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED) {
         global $USER, $CFG;
 
         if ((is_array($types) and in_array('*', $types)) or $types == '*') {

user/files.php

@@ -53,7 +53,7 @@
 
 $maxareabytes = $CFG->userquota;
 if (has_capability('moodle/user:ignoreuserquota', $context)) {
-    $maxareabytes = -1;
+    $maxareabytes = FILE_AREA_MAX_BYTES_UNLIMITED;
 }
 
 $data = new stdClass();

version.php

@@ -30,7 +30,7 @@
 defined('MOODLE_INTERNAL') || die();
 
 
-$version  = 2012110101.00;              // YYYYMMDD      = weekly release date of this DEV branch
+$version  = 2012110101.01;              // YYYYMMDD      = weekly release date of this DEV branch
                                         //         RR    = release increments - 00 in DEV branches
                                         //           .XX = incremental changes