[MDL-30496] Incorrect checking of upload server limit in WebService upload.php script - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.1, 2.2
Fix Version/s: 2.2
Component/s: Web Services
Labels:
- triaged

Affected Branches:
MOODLE_21_STABLE, MOODLE_22_STABLE
Fixed Branches:
MOODLE_22_STABLE
Pull from Repository:
git://github.com/mouneyrac/moodle.git
Pull Master Diff URL:
https://github.com/mouneyrac/moodle/commit/00bad4ba6d858b3a9aa1765d85870d500544be7a
Testing Instructions:

Hide

Administration -> Security -> Site policies -> Maximum uploaded file size Set to sever limit

Try to upload a file using the mobile app

The file will not be stored

Show
Administration -> Security -> Site policies -> Maximum uploaded file size Set to sever limit Try to upload a file using the mobile app The file will not be stored

Description

If you set Administration ~~> Security -> Site policies -> Maximum uploaded file size to sever limit the $CFG~~>maxbytes setting will be set to 0, this will prevent any file to be uploaded

Check:

https://github.com/moodle/moodle/blob/master/webservice/upload.php#L111
if (($_FILES[$fieldname]['size'] > $CFG->maxbytes)) {

This will always return true, so you can't upload files

I think this will fix the problem:

if ($CFG->maxbytes && ($_FILES[$fieldname]['size'] > $CFG->maxbytes)) {

Attachments

Issue Links

has a non-specific relationship to

MDL-30542 Backport webservice/upload.php 2.2 changes in 2.1 when possible

Closed

MDL-30459 Better error message in webservice/upload.php, create file handling web service demo client, update doc

Closed

Activity

People

Assignee:: Jérôme Mouneyrac

Reporter:: Juan Leyva

Integrator:: Aparup Banerjee

Tester:: Rossiani Wijaya

Participants:: Aparup Banerjee, Eloy Lafuente (stronk7), Jérôme Mouneyrac, Juan Leyva, Michael de Raadt, Rossiani Wijaya

Component watchers:: Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Nov/11 5:24 AM

Updated:: 02/Dec/11 6:25 AM

Resolved:: 02/Dec/11 6:25 AM

Fix Release Date:: 5/Dec/11