From b95f561bf29094421b827bb1fcae96122ebf8f4a Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 13 Apr 2012 11:25:38 +0200
Subject: [PATCH] file settings: let people set no more than upper boundary for
 file uploads, but they should can really go up to the limit

---
 files/admin.php           |  1 +
 files/templates/admin.php |  2 +-
 lib/files.php             | 18 +++++++++++++-----
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/files/admin.php b/files/admin.php
index 04ef6a4e82..4ae3ee5123 100644
--- a/files/admin.php
+++ b/files/admin.php
@@ -54,6 +54,7 @@ OC_App::setActiveNavigationEntry( "files_administration" );
 $tmpl = new OC_Template( 'files', 'admin' );
 $tmpl->assign( 'htaccessWorking', $htaccessWorking );
 $tmpl->assign( 'uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assign( 'maxPossibleUploadSize', OC_Helper::humanFileSize(PHP_INT_MAX));
 $tmpl->assign( 'allowZipDownload', $allowZipDownload);
 $tmpl->assign( 'maxZipInputSize', $maxZipInputSize);
 return $tmpl->fetchPage();
\ No newline at end of file
diff --git a/files/templates/admin.php b/files/templates/admin.php
index 730f55f276..9bcc40e936 100644
--- a/files/templates/admin.php
+++ b/files/templates/admin.php
@@ -4,7 +4,7 @@
 	<fieldset class="personalblock">
 		<legend><strong><?php echo $l->t('File handling');?></strong></legend>
 		<?php if($_['htaccessWorking']):?>
-			<label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label><input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/><br/>
+			<label for="maxUploadSize"><?php echo $l->t( 'Maximum upload size' ); ?> </label><input name='maxUploadSize' id="maxUploadSize" value='<?php echo $_['uploadMaxFilesize'] ?>'/>(<?php echo $l->t('max. possible: '); echo $_['maxPossibleUploadSize'] ?>)<br/>
 		<?php endif;?>
 		<input type="checkbox" name="allowZipDownload" id="allowZipDownload" value="1" title="<?php echo $l->t( 'Needed for multi-file and folder downloads.' ); ?>"<?php if ($_['allowZipDownload']) echo ' checked="checked"'; ?> /> <label for="allowZipDownload"><?php echo $l->t( 'Enable ZIP-download' ); ?></label> <br/>
 		<fieldset class="personalblock">
diff --git a/lib/files.php b/lib/files.php
index 473be51fdd..051cfd4b81 100644
--- a/lib/files.php
+++ b/lib/files.php
@@ -317,14 +317,22 @@ class OC_Files {
 	/**
 	 * set the maximum upload size limit for apache hosts using .htaccess
 	 * @param int size filesisze in bytes
-	 * @return mixed false on failure, size on success
+	 * @return false on failure, size on success
 	 */
 	static function setUploadLimit($size){
-		$size=OC_Helper::humanFileSize($size);
-		$size=substr($size,0,-1);//strip the B
-		$size=str_replace(' ','',$size); //remove the space between the size and the postfix
+		//don't allow user to break his config -- upper boundary
+		if($size > PHP_INT_MAX) {
+			//max size is always 1 byte lower than computerFileSize returns
+			if($size > PHP_INT_MAX+1)
+				return false;
+			$size -=1;
+		} else {
+			$size=OC_Helper::humanFileSize($size);
+			$size=substr($size,0,-1);//strip the B
+			$size=str_replace(' ','',$size); //remove the space between the size and the postfix
+		}
 
-		//don't allow user to break his config
+		//don't allow user to break his config -- broken or malicious size input
 		if(intval($size) == 0) {
 			return false;
 		}