mirror of
https://git.code.sf.net/p/seeddms/code
synced 2024-10-05 07:32:13 +00:00
fix almost unrestricted fast upload (Bug #175)
This commit is contained in:
parent
7c4e5a15aa
commit
a800f74a75
|
@ -443,6 +443,20 @@ switch($command) {
|
||||||
echo json_encode(array('success'=>false, 'message'=>getMLText("invalid_folder_id")));
|
echo json_encode(array('success'=>false, 'message'=>getMLText("invalid_folder_id")));
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||||
|
echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied")));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($settings->_quota > 0) {
|
||||||
|
$remain = checkQuota($user);
|
||||||
|
if ($remain < 0) {
|
||||||
|
echo json_encode(array('success'=>false, 'message'=>getMLText("quota_exceeded", array('bytes'=>SeedDMS_Core_File::format_filesize(abs($remain))))));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!is_uploaded_file($_FILES["userfile"]["tmp_name"]) || $_FILES['userfile']['error']!=0){
|
if (!is_uploaded_file($_FILES["userfile"]["tmp_name"]) || $_FILES['userfile']['error']!=0){
|
||||||
header('Content-Type', 'application/json');
|
header('Content-Type', 'application/json');
|
||||||
echo json_encode(array('success'=>false, 'message'=>getMLText("uploading_failed")));
|
echo json_encode(array('success'=>false, 'message'=>getMLText("uploading_failed")));
|
||||||
|
|
Loading…
Reference in New Issue
Block a user