While copying a file to your Private Files, if we hack $maxbytes in repository_ajax.php (MDL-36448), then it is possible to upload a file which is greater than $maxbytes but smaller than $CFG->userquota. And this means that any area over Moodle do not respect $CFG->maxbytes properly.
The reason is that in between defining the initial $maxbytes for the File Manager and saving the information in file_save_draft_area_files() there is no check for what should be $maxbytes according to the settings. In repository_ajax.php this check is made by using get_user_max_upload_file_size().
Please note that while fixing this, file references should not be affected by any *bytes limitations (areamaxbytes, maxbytes).
- Apply the following to repository_ajax.php
- Set the setting maxbytes to something small
- Go to your privates files
- Visit Dropbox and upload a file greater than the maxbytes
- Validate the form
- The file disappears
- The file is uploaded and accessible in your Private Files