[#MDL-8716] Ensure that all forms in Moodle enforce the file size limit for uploaded files - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.6
Fix Version/s: 2.0.2, STABLE sprint 1
Component/s: Database activity module
Labels:
None

Affected Branches:
MOODLE_16_STABLE
Fixed Branches:
MOODLE_20_STABLE

Description

I have a database, that contains an image field. It is set to a 500k limit. If an individual tries to upload an image bigger than 500k, they are told it is too large, but the record is saved, minus the picture! This is a BIG problem because my users are allowed to only submit one record. Once they have submitted this failed record, they can't add anymore unless I manually remove the one that they submitted.

If an uploaded image is too large the person should be given the option of submitting a smaller one, and the record should not be saved without it.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Petr Škoda (skodak) added a comment - 09/Oct/08 5:56 AM

the new file picker will allow us to fix this in 2.0

Show

Petr Škoda (skodak) added a comment - 09/Oct/08 5:56 AM the new file picker will allow us to fix this in 2.0

Hide

Permalink

Petr Škoda (skodak) added a comment - 01/Aug/10 6:12 PM

Dongsheng: I suppose this should be fixed now?

Show

Petr Škoda (skodak) added a comment - 01/Aug/10 6:12 PM Dongsheng: I suppose this should be fixed now?

Hide

Permalink

Petr Škoda (skodak) added a comment - 01/Aug/10 6:13 PM

hmm, looks like the file size restrictions are missing in 2.0

Show

Petr Škoda (skodak) added a comment - 01/Aug/10 6:13 PM hmm, looks like the file size restrictions are missing in 2.0

Hide

Permalink

Dongsheng Cai added a comment - 02/Aug/10 2:38 PM

Petr what do you mean the restriction is missing? repository_ajax did check the filesize and maxbytes setting

Show

Dongsheng Cai added a comment - 02/Aug/10 2:38 PM Petr what do you mean the restriction is missing? repository_ajax did check the filesize and maxbytes setting

Hide

Permalink

Petr Škoda (skodak) added a comment - 02/Aug/10 2:59 PM

that is not enough because anybody may cheat by modifying the JS variable, we should always double check the original restrictions in PHP

Show

Petr Škoda (skodak) added a comment - 02/Aug/10 2:59 PM that is not enough because anybody may cheat by modifying the JS variable, we should always double check the original restrictions in PHP

Hide

Permalink

Dongsheng Cai added a comment - 02/Aug/10 3:06 PM

How to check the original restriction? repository_ajax.php don't have connection with moodle forms when forms are created, unless we use session to track it?

Show

Dongsheng Cai added a comment - 02/Aug/10 3:06 PM How to check the original restriction? repository_ajax.php don't have connection with moodle forms when forms are created, unless we use session to track it?

Hide

Permalink

Petr Škoda (skodak) added a comment - 02/Aug/10 3:11 PM

you know the restrictions in PHP when saving the form results, right?

Show

Petr Škoda (skodak) added a comment - 02/Aug/10 3:11 PM you know the restrictions in PHP when saving the form results, right?

Hide

Permalink

Dongsheng Cai added a comment - 02/Aug/10 3:18 PM

yes of course, we can always check the restriction when using file_save_draft_files().
But before hit the save button, how we can let repository_ajax.php check the filesize (in case user cheat the js variable)?

Show

Dongsheng Cai added a comment - 02/Aug/10 3:18 PM yes of course, we can always check the restriction when using file_save_draft_files(). But before hit the save button, how we can let repository_ajax.php check the filesize (in case user cheat the js variable)?

Hide

Permalink

Petr Škoda (skodak) added a comment - 02/Aug/10 3:24 PM

we can not do it in ajax I think, so it should be enough to do it at the save time only

Show

Petr Škoda (skodak) added a comment - 02/Aug/10 3:24 PM we can not do it in ajax I think, so it should be enough to do it at the save time only

Hide

Permalink

Dongsheng Cai added a comment - 02/Aug/10 3:33 PM

OK, thanks, I will keep my eyes on form saving to see if file size restriction is missing.

Show

Dongsheng Cai added a comment - 02/Aug/10 3:33 PM OK, thanks, I will keep my eyes on form saving to see if file size restriction is missing.

Hide

Permalink

Dongsheng Cai added a comment - 15/Dec/10 10:47 AM

Moodle supports larger file size now, and always checks file size when saving draft files, so it won't be a problem any more

Show

Dongsheng Cai added a comment - 15/Dec/10 10:47 AM Moodle supports larger file size now, and always checks file size when saving draft files, so it won't be a problem any more

People

Assignee:

Dongsheng Cai

Reporter:

N Hansen

Participants:

Dongsheng Cai, N Hansen, Petr Škoda (skodak)

Vote (0)

Watch (1)

Dates

Created:

02/Mar/07 1:27 AM

Updated:

13/Jan/11 9:58 PM

Resolved:

15/Dec/10 10:47 AM