check if post request succeeds

op/op.AddDocument.php

@@ -33,6 +33,13 @@ include("../inc/inc.ClassController.php");
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
 
+/* if post_max_size is to small, then $_POST will not be set and the content
+ * lenght will exceed post_max_size
+ */
+if(empty($_POST) && $_SERVER['CONTENT_LENGTH'] > SeedDMS_Core_File::parse_filesize(ini_get('post_max_size'))) {
+	UI::exitError(getMLText("folder_title", array("foldername" => '')),getMLText("uploading_postmaxsize"));
+}
+
 /* Check if the form data comes from a trusted request */
 if(!checkFormKey('adddocument')) {
 	UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
@@ -330,15 +337,18 @@ if(!empty($_POST['notification_groups'])) {
 /* Check files for Errors first */
 $maxuploadsize = SeedDMS_Core_File::parse_filesize($settings->_maxUploadSize);
 foreach($file_ary as $file) {
+	if($file['error']==1) {
+		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_maxsize"));
+	}
+	if($file['error']!=0) {
+		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_failed"));
+	}
 	if ($file["size"]==0) {
 		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_zerosize"));
 	}
 	if ($maxuploadsize && $file["size"] > $maxuploadsize) {
 		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_maxsize"));
 	}
-	if($file['error']!=0) {
-		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_failed"));
-	}
 }
 
 foreach($file_ary as $file) {

op/op.AddFile.php

@@ -27,6 +27,13 @@ include("../inc/inc.DBInit.php");
 include("../inc/inc.ClassUI.php");
 include("../inc/inc.Authentication.php");
 
+/* if post_max_size is to small, then $_POST will not be set and the content
+ * lenght will exceed post_max_size
+ */
+if(empty($_POST) && $_SERVER['CONTENT_LENGTH'] > SeedDMS_Core_File::parse_filesize(ini_get('post_max_size'))) {
+	UI::exitError(getMLText("document_title", array("documentname" => '')),getMLText("uploading_postmaxsize"));
+}
+
 if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
 	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }

op/op.UpdateDocument.php

@@ -31,6 +31,13 @@ include("../inc/inc.ClassController.php");
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
 
+/* if post_max_size is to small, then $_POST will not be set and the content
+ * lenght will exceed post_max_size
+ */
+if(empty($_POST) && $_SERVER['CONTENT_LENGTH'] > SeedDMS_Core_File::parse_filesize(ini_get('post_max_size'))) {
+	UI::exitError(getMLText("folder_title", array("foldername" => '')),getMLText("uploading_postmaxsize"));
+}
+
 /* Check if the form data comes from a trusted request */
 if(!checkFormKey('updatedocument')) {
 	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
@@ -129,6 +136,12 @@ if(!$file_ary) {
 
 $file = $file_ary[0];
 if ($file['error'] == 0) {
+	if($file['error']==1) {
+		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_maxsize"));
+	}
+	if($file['error']!=0) {
+		UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_failed"));
+	}
 	if ($file["size"]==0) {
 		UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("uploading_zerosize"));
 	}