Changeset fcfd2a in indico

Timestamp:

08/10/11 14:06:04 (22 months ago)

Author:

Pedro Ferreira <jose.pedro.ferreira@…>

Branches:

master, hello-world-walkthrough, ipv6, v0.98-series, v0.98.2, v0.98.3, v0.98b2, v0.99, 051b2622c51afb171a1dedb46a0df4fbb0cbd02e, 0da0c1403bae8e51d8229f460181c71b9e6dda72

Children:

15b835

Parents:

90ed06

git-author:

Stefan Petrovski <stefan.petrovski@…> (06/10/11 16:58:02)

git-committer:

Pedro Ferreira <jose.pedro.ferreira@…> (08/10/11 14:06:04)

Message:

[IMP] Added max file size check for upload

Files:

• etc/indico.conf.sample (modified) (1 diff)
• indico/MaKaC/common/Configuration.py (modified) (1 diff)
• indico/MaKaC/webinterface/rh/conferenceBase.py (modified) (8 diffs)
• indico/htdocs/js/indico/MaterialEditor/Editor.js (modified) (2 diffs)

etc/indico.conf.sample

@@ -150 +150 @@
 # IndicoSearchClass    = "MaKaC.search.invenioSEA.InvenioSEA"
 
+#------------------------------------------------------------------------------
+# FILE UPLOAD
+#------------------------------------------------------------------------------
+# Here you can limit the maximum size of uploaded files (in MB)
+# default: 0 (unlimited)
+
+MaxUploadFileSize = 0
 
 #------------------------------------------------------------------------------

indico/MaKaC/common/Configuration.py

@@ -466 +466 @@
         'AuthenticatedEnforceSecure': 'yes',
         'ExportACL'           : {},
-        
+        'MaxUploadFileSize' : '1024',
         # Authentication
         'LDAPConfig': {'host': 'myldapserver.example.com',

indico/MaKaC/webinterface/rh/conferenceBase.py

@@ -39 +39 @@
 from MaKaC.common.logger import Logger
 
+from indico.util import json
+
+BYTES_1MB = 1024 * 1024
+
+
 class RHCustomizable( RH ):
 
@@ -200 +205 @@
         self._setMenuStatus(params)
 
+
 class RHSubmitMaterialBase:
 
@@ -211 +217 @@
         self._target=target
         self._callerRH = rh
+        self._req = rh._req
         self._repositoryIds = None
+        self._errorList = []
+        self._cfg = Config.getInstance()
 
     def _getNewTempFile( self ):
         cfg = Config.getInstance()
         tempPath = cfg.getUploadedFilesTempDir()
-        tempFileName = tempfile.mkstemp( suffix="Indico.tmp", dir = tempPath )[1]
+        tempFileName = tempfile.mkstemp(suffix="Indico.tmp", dir=tempPath)[1]
         return tempFileName
 
@@ -246 +255 @@
         self._password = params.get("password","")
 
-        from MaKaC.services.interface.rpc import json
-        self._userList = json.decode(params.get("userList", "[]"))
+        self._userList = json.loads(params.get("userList", "[]"))
+        maxUploadFileSize = self._cfg.getMaxUploadFileSize()
 
         if self._uploadType == "file":
@@ -260 +269 @@
                 if type(fileUpload) != str and fileUpload.filename.strip() != "":
                     fDict = {}
-                    fDict["filePath"] = self._saveFileToTemp(fileUpload.file)
-
-                    if self._callerRH != None:
-                        self._callerRH._tempFilesToDelete.append(fDict["filePath"])
 
                     fDict["fileName"] = fileUpload.filename
-                    fDict["size"] = int(os.stat(fDict["filePath"])[stat.ST_SIZE])
+                    estimSize = int(self._req.headers_in["content-length"])
+
+                    if maxUploadFileSize and estimSize > (maxUploadFileSize * BYTES_1MB):
+                        # if file is too big, do not save it in disk
+                        fDict["filePath"] = ''
+                        fDict["size"] = estimSize
+                    else:
+                        fDict["filePath"] = self._saveFileToTemp(fileUpload.file)
+                        fDict["size"] = int(os.stat(fDict["filePath"])[stat.ST_SIZE])
+                        if self._callerRH != None:
+                            self._callerRH._tempFilesToDelete.append(fDict["filePath"])
+
+                    self._setErrorList(fDict)
                     self._files.append(fDict)
 
@@ -285 +302 @@
 
 
-    def _getErrorList(self):
+    def _setErrorList(self, fileEntry):
         res=[]
 
+        maxUploadFileSize = self._cfg.getMaxUploadFileSize()
+
         if self._uploadType == "file":
-            if not self._files:
-                res.append(_("""A file must be submitted."""))
-            for fileEntry in self._files:
-                if hasattr(fileEntry, "filePath") and not fileEntry["filePath"].strip():
-                    res.append(_("""A valid file to be submitted must be specified."""))
-                if hasattr(fileEntry, "size") and fileEntry["size"] < 10:
-                    res.append(_("""The file %s seems to be empty""") % fileEntry["fileName"])
+            if "filePath" in fileEntry and not fileEntry["filePath"].strip():
+                self._errorList.append(_("""A valid file to be submitted must be specified. """))
+            if "size" in fileEntry:
+                if fileEntry["size"] < 10:
+                    self._errorList.append(_("""The file %s seems to be empty """) % fileEntry["fileName"])
+                elif maxUploadFileSize and fileEntry["size"] > (maxUploadFileSize*1024*1024):
+                    self._errorList.append(_("The file size of %s exceeds the upload limit (%s Mb)") % (fileEntry["fileName"], maxUploadFileSize))
         elif self._uploadType == "link":
             if not self._links[0]["url"].strip():
-                res.append(_("""A valid URL must be specified."""))
+                self._errorList.append(_("""A valid URL must be specified."""))
 
         if self._materialId=="":
-            res.append(_("""A material ID must be selected."""))
+            self._errorList.append(_("""A material ID must be selected."""))
         return res
 
@@ -454 +473 @@
             text = ""
 
-        errorList=self._getErrorList()
-
         try:
-            if len(errorList) > 0:
-                status = "ERROR"
-                info = errorList
+            if len(self._errorList) > 0:
+                status = "NOREPORT"
+                info = self._errorList
             else:
                 mat, status, info = self._addMaterialType(text, user)
@@ -465 +482 @@
                 if status == "OK":
                     for entry in info:
-                        entry['material'] = mat.getId();
+                        entry['material'] = mat.getId()
         except Exception, e:
             status = "ERROR"
-            info = errorList + ["%s: %s" % (e.__class__.__name__, str(e))]
+            info = self._errorList + ["%s: %s" % (e.__class__.__name__, str(e))]
             Logger.get('requestHandler').exception('Error uploading file')
-
         # hackish, because of mime types. Konqueror, for instance, would assume text if there were no tags,
         # and would try to open it
-        from MaKaC.services.interface.rpc import json
-        return "<html><head></head><body>"+json.encode({'status': status, 'info': info})+"</body></html>"
-
+        return "<html><head></head><body>%s</body></html>" %\
+               json.dumps({'status': status, 'info': info})

indico/htdocs/js/indico/MaterialEditor/Editor.js

@@ -67 +67 @@
         return buttonDiv;
     },
-
 
     /*
@@ -482 +481 @@
                         requestInfo: {},
                         message: resp.info });
+                } else if (resp.status == "NOREPORT") {
+                    IndicoUtil.errorReport({
+                        type: "noReport",
+                        code: '0',
+                        requestInfo: {},
+                        message: resp.info });
                 } else {
                     self.onUpload(resp.info);