revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 07:12:41 +01:00
Code Issues Releases Wiki Activity

Add a post_max_size exception for drag and drop uploads

Browse source 
Summary: See comments.

Test Plan: Uploaded a small image in Safari via drag-and-drop.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3771
This commit is contained in:
epriestley 2012-10-22 10:54:23 -07:00
parent 680076497c
commit e2c303c1af
3 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
src/infrastructure/PhabricatorRequestOverseer.php
View file

@ -31,11 +31,10 @@ final class PhabricatorRequestOverseer {
* the request anyway, and provides no formal way to detect that this * the request anyway, and provides no formal way to detect that this
* happened. * happened.
* *
* We can still read the entire body out of `php://input`. However, this * We can still read the entire body out of `php://input`. However according
* stream can't be rewound, and according to the documentation isn't available * to the documentation the stream isn't available for "multipart/form-data"
* for "multipart/form-data" (on nginx + php-fpm it appears that it is * (on nginx + php-fpm it appears that it is available, though, at least) so
* available, though, at least) so any attempt to generate $_POST would create * any attempt to generate $_POST would be fragile.
* side effects and be fragile.
*/ */
private function detectPostMaxSizeTriggered() { private function detectPostMaxSizeTriggered() {
// If this wasn't a POST, we're fine. // If this wasn't a POST, we're fine.
@ -48,6 +47,16 @@ final class PhabricatorRequestOverseer {
return; return;
} }
// For HTML5 drag-and-drop file uploads, Safari submits the data as
// "application/x-www-form-urlencoded". For most files this generates
// something in POST because most files decode to some nonempty (albeit
// meaningless) value. However, some files (particularly small images)
// don't decode to anything. If we know this is a drag-and-drop upload,
// we can skip this check.
if (isset($_REQUEST['__upload__'])) {
return;
}
// PHP generates $_POST only for two content types. This routing happens // PHP generates $_POST only for two content types. This routing happens
// in `main/php_content_types.c` in PHP. Normally, all forms use one of // in `main/php_content_types.c` in PHP. Normally, all forms use one of
// these content types, but some requests may not -- for example, Firefox // these content types, but some requests may not -- for example, Firefox

1
webroot/rsrc/js/application/core/DragAndDropFileUpload.js
View file

@ -107,6 +107,7 @@ JX.install('PhabricatorDragAndDropFileUpload', {
var up_uri = JX.$U(this.getURI()) var up_uri = JX.$U(this.getURI())
.setQueryParam('name', file.getName()) .setQueryParam('name', file.getName())
.setQueryParam('__upload__', 1)
.toString(); .toString();
var onupload = JX.bind(this, function(r) { var onupload = JX.bind(this, function(r) {

1
webroot/rsrc/js/application/core/PasteFileUpload.js
View file

@ -45,6 +45,7 @@ JX.install('PhabricatorPasteFileUpload', {
var up_uri = JX.$U(this.getURI()) var up_uri = JX.$U(this.getURI())
.setQueryParam('name', 'clipboard.png') .setQueryParam('name', 'clipboard.png')
.setQueryParam('__upload__', 1)
.toString(); .toString();
new JX.Request(up_uri, JX.bind(this, function(r) { new JX.Request(up_uri, JX.bind(this, function(r) {