Moodle

Ensure that all forms in Moodle enforce the file size limit for uploaded files

Details

  • Affected Branches:
    MOODLE_16_STABLE
  • Fixed Branches:
    MOODLE_20_STABLE

Description

I have a database, that contains an image field. It is set to a 500k limit. If an individual tries to upload an image bigger than 500k, they are told it is too large, but the record is saved, minus the picture! This is a BIG problem because my users are allowed to only submit one record. Once they have submitted this failed record, they can't add anymore unless I manually remove the one that they submitted.

If an uploaded image is too large the person should be given the option of submitting a smaller one, and the record should not be saved without it.

Activity

Hide
Petr Škoda (skodak) added a comment -

the new file picker will allow us to fix this in 2.0

Show
Petr Škoda (skodak) added a comment - the new file picker will allow us to fix this in 2.0
Hide
Petr Škoda (skodak) added a comment -

Dongsheng: I suppose this should be fixed now?

Show
Petr Škoda (skodak) added a comment - Dongsheng: I suppose this should be fixed now?
Hide
Petr Škoda (skodak) added a comment -

hmm, looks like the file size restrictions are missing in 2.0

Show
Petr Škoda (skodak) added a comment - hmm, looks like the file size restrictions are missing in 2.0
Hide
Dongsheng Cai added a comment -

Petr what do you mean the restriction is missing? repository_ajax did check the filesize and maxbytes setting

Show
Dongsheng Cai added a comment - Petr what do you mean the restriction is missing? repository_ajax did check the filesize and maxbytes setting
Hide
Petr Škoda (skodak) added a comment -

that is not enough because anybody may cheat by modifying the JS variable, we should always double check the original restrictions in PHP

Show
Petr Škoda (skodak) added a comment - that is not enough because anybody may cheat by modifying the JS variable, we should always double check the original restrictions in PHP
Hide
Dongsheng Cai added a comment -

How to check the original restriction? repository_ajax.php don't have connection with moodle forms when forms are created, unless we use session to track it?

Show
Dongsheng Cai added a comment - How to check the original restriction? repository_ajax.php don't have connection with moodle forms when forms are created, unless we use session to track it?
Hide
Petr Škoda (skodak) added a comment -

you know the restrictions in PHP when saving the form results, right?

Show
Petr Škoda (skodak) added a comment - you know the restrictions in PHP when saving the form results, right?
Hide
Dongsheng Cai added a comment -

yes of course, we can always check the restriction when using file_save_draft_files().
But before hit the save button, how we can let repository_ajax.php check the filesize (in case user cheat the js variable)?

Show
Dongsheng Cai added a comment - yes of course, we can always check the restriction when using file_save_draft_files(). But before hit the save button, how we can let repository_ajax.php check the filesize (in case user cheat the js variable)?
Hide
Petr Škoda (skodak) added a comment -

we can not do it in ajax I think, so it should be enough to do it at the save time only

Show
Petr Škoda (skodak) added a comment - we can not do it in ajax I think, so it should be enough to do it at the save time only
Hide
Dongsheng Cai added a comment -

OK, thanks, I will keep my eyes on form saving to see if file size restriction is missing.

Show
Dongsheng Cai added a comment - OK, thanks, I will keep my eyes on form saving to see if file size restriction is missing.
Hide
Dongsheng Cai added a comment -

Moodle supports larger file size now, and always checks file size when saving draft files, so it won't be a problem any more

Show
Dongsheng Cai added a comment - Moodle supports larger file size now, and always checks file size when saving draft files, so it won't be a problem any more

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: