MDL-65115 repository: Prevent unzipping if it will exceed allowed quota

moodle · Sep 3, 2020 · 9aa9e5f · 9aa9e5f
1 parent c718c85
commit 9aa9e5f
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 5 deletions.
diff --git a/lang/en/repository.php b/lang/en/repository.php
@@ -56,6 +56,8 @@
 $string['cannotdownload'] = 'Cannot download this file';
 $string['cannotdownloaddir'] = 'Cannot download this folder';
 $string['cannotinitplugin'] = 'Call plugin_init failed';
+$string['cannotunzipcontentunreadable'] = 'Cannot unzip this file because the contents of the file cannot be read.';
+$string['cannotunzipquotaexceeded'] = 'Cannot unzip this file because the maximum size allowed in this draft area will be exceeded.';
 $string['cleancache'] = 'Clean my cache files';
 $string['close'] = 'Close';
 $string['commonrepositorysettings'] = 'Common repository settings';

diff --git a/lib/form/filemanager.js b/lib/form/filemanager.js
@@ -884,14 +884,21 @@ M.form_filemanager.init = function(Y, options) {
                 }
                 params['filepath'] = fileinfo.filepath;
                 params['filename'] = fileinfo.fullname;
+                // The unlimited value of areamaxbytes is -1, it is defined by FILE_AREA_MAX_BYTES_UNLIMITED.
+                params['areamaxbytes'] = this.areamaxbytes ? this.areamaxbytes : -1;
                 selectnode.addClass('loading');
                 this.request({
                     action: 'unzip',
                     scope: this,
                     params: params,
                     callback: function(id, obj, args) {
-                        args.scope.selectui.hide();
-                        args.scope.refresh(obj.filepath);
+                        if (obj.error) {
+                            selectnode.removeClass('loading');
+                            args.scope.print_msg(obj.error, 'error');
+                        } else {
+                            args.scope.selectui.hide();
+                            args.scope.refresh(obj.filepath);
+                        }
                     }
                 });
             }, this);

diff --git a/repository/draftfiles_ajax.php b/repository/draftfiles_ajax.php
@@ -210,12 +210,28 @@
     case 'unzip':
         $filename = required_param('filename', PARAM_FILE);
         $filepath = required_param('filepath', PARAM_PATH);
+        $areamaxbytes = required_param('areamaxbytes', PARAM_INT);
 
+        $return = new stdClass();
         $zipper = get_file_packer('application/zip');
-
         $fs = get_file_storage();
-
         $file = $fs->get_file($user_context->id, 'user', 'draft', $draftid, $filepath, $filename);
+        // Get the total size of the content in the archive.
+        $filecontentsize = $file->get_total_content_size($zipper);
+
+        // Return an error if the returned size of the content is NULL.
+        // This means the utility class was unable to read the content of the archive.
+        if (is_null($filecontentsize)) {
+            $return->error = get_string('cannotunzipcontentunreadable', 'repository');
+            die(json_encode($return));
+        }
+
+        // Check whether the maximum size allowed in this draft area will be exceeded with unzipping the file.
+        // If the maximum size allowed is exceeded, return an error before attempting to unzip.
+        if (file_is_draft_area_limit_reached($draftid, $areamaxbytes, $filecontentsize)) {
+            $return->error = get_string('cannotunzipquotaexceeded', 'repository');
+            die(json_encode($return));
+        }
 
         // Find unused name for directory to extract the archive.
         $temppath = $fs->get_unused_dirname($user_context->id, 'user', 'draft', $draftid, $filepath. pathinfo($filename, PATHINFO_FILENAME). '/');
@@ -243,7 +259,6 @@
                     $donotremovedirs[] = $realpath;
                 }
             }
-            $return = new stdClass();
             $return->filepath = $filepath;
         } else {
             $return = false;