Commit 61d9ac44 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Make sure filenames are <= 1024 chars long

parent aa2b9b45
......@@ -253,12 +253,19 @@ function pieform_element_filebrowser_doupdate(Pieform $form, $element) {
$update = param_variable($prefix . '_update', null);
if (is_array($update)) {
$edit_title = param_variable($prefix . '_edit_title');
if (!strlen($edit_title)) {
$namelength = strlen($edit_title);
if (!$namelength) {
return array(
'error' => true,
'message' => get_string('filenamefieldisrequired', 'artefact.file')
);
}
else if ($namelength > 1024) {
return array(
'error' => true,
'message' => get_string('nametoolong', 'artefact.file'),
);
}
$keys = array_keys($update);
$data = array(
'artefact' => (int) ($keys[0]),
......@@ -289,13 +296,20 @@ function pieform_element_filebrowser_doupdate(Pieform $form, $element) {
$createfolder = param_variable($prefix . '_createfolder', null);
if (!empty($createfolder)) {
$createfolder_name = param_variable($prefix . '_createfolder_name');
if (!strlen($createfolder_name)) {
$createfolder_name = param_variable($prefix . '_createfolder_name');
$namelength = strlen($createfolder_name);
if (!$namelength) {
return array(
'error' => true,
'message' => get_string('foldernamerequired', 'artefact.file'),
);
}
else if ($namelength > 1024) {
return array(
'error' => true,
'message' => get_string('nametoolong', 'artefact.file'),
);
}
return pieform_element_filebrowser_createfolder($form, $element, array(
'title' => $createfolder_name,
'folder' => $element['folder'],
......@@ -311,6 +325,12 @@ function pieform_element_filebrowser_doupdate(Pieform $form, $element) {
'browse' => 1,
);
}
else if (strlen($_FILES['userfile']['name']) > 1024) {
return array(
'error' => true,
'message' => get_string('nametoolong', 'artefact.file'),
);
}
else if ($element['config']['uploadagreement'] && !param_boolean($prefix . '_notice', false)) {
return array(
'error' => true,
......@@ -675,6 +695,7 @@ function pieform_element_filebrowser_get_headdata($element) {
'editfile',
'editfolder',
'filewithnameexists',
'nametoolong',
'namefieldisrequired',
'detachfilewarning',
),
......
......@@ -124,6 +124,9 @@ function FileBrowser(idprefix, folderid, config, globalconfig) {
if (name == '') {
message = get_string('foldernamerequired');
}
else if (name.length > 1024) {
message = get_string('nametoolong');
}
else if (self.fileexists(name)) {
message = get_string('filewithnameexists', name);
}
......@@ -146,6 +149,9 @@ function FileBrowser(idprefix, folderid, config, globalconfig) {
if (name == '') {
message = get_string('namefieldisrequired');
}
else if (name.length > 1024) {
message = get_string('nametoolong');
}
else if (self.fileexists(name, this.name.replace(/.*_update\[(\d+)\]$/, '$1'))) {
message = get_string('filewithnameexists', name);
}
......
......@@ -87,6 +87,7 @@ $string['movefaileddestinationnotfolder'] = 'You can only move files into folder
$string['movefailednotfileartefact'] = 'Only file, folder and image artefacts can be moved.';
$string['movefailednotowner'] = 'You do not have permission to move the file into this folder';
$string['movefailed'] = 'Move failed.';
$string['nametoolong'] = 'That name is too long. Please choose a shorter one.';
$string['nofilesfound'] = 'No files found';
$string['overwrite'] = 'Overwrite';
$string['Owner'] = 'Owner';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment