diff options
author | Stefan Giehl <stefan@matomo.org> | 2021-01-01 03:30:49 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-01 03:30:49 +0300 |
commit | 339b5cd33c5f47a2a67730b3bfb9eed210219585 (patch) | |
tree | 27cfd92572dc24465238e66bfb59e9dee0cd0e0b /core | |
parent | 52c573a0572f079c99bfa3331b8ef4164e199281 (diff) |
Don't accept files that are bigger than the upload limit when uploading plugins (#16849)
* Don't accept files that are bigger than the upload limit when uploading plugins
* improve / simplify code
* adds some tests
Diffstat (limited to 'core')
-rw-r--r-- | core/SettingsServer.php | 60 |
1 files changed, 45 insertions, 15 deletions
diff --git a/core/SettingsServer.php b/core/SettingsServer.php index 6846502ac4..3f61670fd6 100644 --- a/core/SettingsServer.php +++ b/core/SettingsServer.php @@ -196,26 +196,12 @@ class SettingsServer * Prior to PHP 5.2.1, or on Windows, --enable-memory-limit is not a * compile-time default, so ini_get('memory_limit') may return false. * - * @see http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes * @return int|bool memory limit in megabytes, or false if there is no limit */ public static function getMemoryLimitValue() { if (($memory = ini_get('memory_limit')) > 0) { - // handle shorthand byte options (case-insensitive) - $shorthandByteOption = substr($memory, -1); - switch ($shorthandByteOption) { - case 'G': - case 'g': - return substr($memory, 0, -1) * 1024; - case 'M': - case 'm': - return substr($memory, 0, -1); - case 'K': - case 'k': - return substr($memory, 0, -1) / 1024; - } - return $memory / 1048576; + return self::getMegaBytesFromShorthandByte($memory); } // no memory limit @@ -223,6 +209,50 @@ class SettingsServer } /** + * Get php post_max_size (in Megabytes) + * + * @return int|bool max upload size in megabytes, or false if there is no limit + */ + public static function getPostMaxUploadSize() + { + if (($maxPostSize = ini_get('post_max_size')) > 0) { + return self::getMegaBytesFromShorthandByte($maxPostSize); + } + + // no max upload size + return false; + } + + /** + * @see http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes + * @param $value + * @return false|float|int + */ + private static function getMegaBytesFromShorthandByte($value) + { + $value = str_replace(' ', '', $value); + + $shorthandByteOption = substr($value, -1); + switch ($shorthandByteOption) { + case 'G': + case 'g': + return substr($value, 0, -1) * 1024; + case 'M': + case 'm': + return substr($value, 0, -1); + case 'K': + case 'k': + return substr($value, 0, -1) / 1024; + } + + if (is_numeric($value)) { + return (int) $value / 1048576; + } + + return false; + } + + /** * Set maximum script execution time. * * @param int $executionTime max execution time in seconds (0 = no limit) |