Merge branch 'MDL-81060-main-fix' of https://github.com/meirzamoodle/…
snake committed Apr 9, 2024
2 parents 9c53b22 + e5fca69 commit b34930b
Showing 2 changed files with 13 additions and 37 deletions.
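--- a/lib/filestorage/zip_packer.php
+++ b/lib/filestorage/zip_packer.php
@@ -451,17 +451,6 @@ public function extract_to_storage($archivefile, $contextid,
 $done = 0;
 }
 
-// Get user remaining space.
-$areamaxbytes = FILE_AREA_MAX_BYTES_UNLIMITED;
-$context = context::instance_by_id($contextid);
-if (!has_capability('moodle/user:ignoreuserquota', $context)) {
-// Get current used space for this user (private files only).
-$fileareainfo = file_get_file_area_info($contextid, 'user', 'private');
-$usedspace = $fileareainfo['filesize_without_references'];
-$areamaxbytes = (int) $CFG->userquota - $usedspace;
-}
-$totalsizebytes = 0;
-
 foreach ($ziparch as $info) {
 // Notify progress.
 if ($progress) {
@@ -472,8 +461,6 @@ public function extract_to_storage($archivefile, $contextid,
 $size = $info->size;
 $name = $info->pathname;
 
-$realfilesize = 0;
-
 if ($name === '' or array_key_exists($name, $processed)) {
 //probably filename collisions caused by filename cleaning/conversion
 continue;
@@ -500,18 +487,15 @@ public function extract_to_storage($archivefile, $contextid,
 continue;
 }
 $content = '';
+$realfilesize = 0;
 while (!feof($fz)) {
 $content .= fread($fz, 262143);
 $realfilesize = strlen($content); // Current file size.
-$totalsizebytes = strlen($content);
-if ($realfilesize > $size ||
-($areamaxbytes != FILE_AREA_MAX_BYTES_UNLIMITED && $totalsizebytes > $areamaxbytes)) {
-$processed[0] = 'cannotunzipquotaexceeded';
-// Close and unset the stream and the content.
-fclose($fz);
-unset($content);
-// Cancel all processes.
-break(2);
+
+// More was read than was expected, which indicates a malformed/malicious archive.
+// Break and let the error handling below take care of the file clean up.
+if ($realfilesize > $size) {
+break;
 }
 }
 fclose($fz);
@@ -557,20 +541,16 @@ public function extract_to_storage($archivefile, $contextid,
 $processed[$name] = 'Can not read file from zip archive'; // TODO: localise
 continue;
 }
+$realfilesize = 0;
 while (!feof($fz)) {
 $content = fread($fz, 262143);
 $numofbytes = fwrite($fp, $content);
 $realfilesize += $numofbytes; // Current file size.
-$totalsizebytes += $numofbytes;
-if ($realfilesize > $size ||
-($areamaxbytes != FILE_AREA_MAX_BYTES_UNLIMITED && $totalsizebytes > $areamaxbytes)) {
-$processed[0] = 'cannotunzipquotaexceeded';
-// Close and remove the tmpfile.
-fclose($fz);
-fclose($fp);
-unlink($tmpfile);
-// Cancel all processes.
-break(2);
+
+// More was read than was expected, which indicates a malformed/malicious archive.
+// Break and let the error handling below take care of the file clean up.
+if ($realfilesize > $size) {
+break;
 }
 }
 fclose($fz);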
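Review bot: With the `$areamaxbytes`/`$totalsizebytes` check removed, the only bound left in both read loops is `$realfilesize > $size`, and `$size` is taken from `$info->size`, i.e. from the archive's own metadata, so nothing visible in this section caps the cumulative bytes extracted from one archive. If the aggregate limit is now meant to be enforced by the caller or the file storage layer, a comment above the `foreach` should say so, for example `// Total extracted size is not limited here; callers must enforce area/quota limits.` Separately, in the temp-file loop the result of `fwrite($fp, $content)` is added to `$realfilesize` unchecked, so a failed write (for example a full temp disk) is not detected inside the loop; `if ($numofbytes === false) { break; }` before the addition would make that explicit. The error handling that the new comments refer to lies outside the visible hunks, so whether it removes the temp file after the oversize `break` cannot be confirmed from here.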
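--- a/repository/draftfiles_ajax.php
+++ b/repository/draftfiles_ajax.php
@@ -237,11 +237,7 @@
 return $result !== true;
 });
 if (count($failed) > 0) {
-if ($failed[0] == "cannotunzipquotaexceeded") {
-$return->error = get_string($failed[0], 'repository');
-} else {
-$return->error = get_string('cannotunzipextractfileerror', 'repository');
-}
+$return->error = get_string('cannotunzipextractfileerror', 'repository');
 die(json_encode($return));
 }
 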
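Review bot: After this change every extraction failure, including the oversize-entry case that zip_packer.php describes as a malformed/malicious archive, collapses into the generic `cannotunzipextractfileerror` string, and nothing visible here records the per-entry reasons held in `$failed`. Returning only a generic message to the client is reasonable, but a short comment would make that intent clear, e.g. `// Per-entry failure reasons are intentionally not returned to the client.` It is also worth confirming that those reasons are logged server-side somewhere, so that a malformed upload can be investigated afterwards. The statement that builds `$failed` starts above the hunk, so its input is not visible from here.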
