From 9a9362789bb23aa11c6f47eadaee01f6ca9fc869 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Tue, 19 Jul 2016 15:26:41 +0200 Subject: [PATCH] addressing issues with failed attachement uploads due to webserver configuration, resolves #15 --- lib/privatebin.php | 6 ++++++ tst/privatebin.php | 28 ++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/lib/privatebin.php b/lib/privatebin.php index afe27f2..eb6f9cb 100644 --- a/lib/privatebin.php +++ b/lib/privatebin.php @@ -237,6 +237,12 @@ class privatebin ) ); + // Ensure attachment did not get lost due to webserver limits or Suhosin + if (strlen($attachmentname) > 0 && strlen($attachment) == 0) + { + return $this->_return_message(1, 'Attachment missing in data received by server. Please check your webserver or suhosin configuration for maximum POST parameter limitations.'); + } + // The user posts a comment. $pasteid = $this->_request->getParam('pasteid'); $parentid = $this->_request->getParam('parentid'); diff --git a/tst/privatebin.php b/tst/privatebin.php index 5086207..78774f4 100644 --- a/tst/privatebin.php +++ b/tst/privatebin.php @@ -455,6 +455,34 @@ class privatebinTest extends PHPUnit_Framework_TestCase ); } + /** + * In some webserver setups (found with Suhosin) overly long POST params are + * silently removed, check that this case is handled + * + * @runInSeparateProcess + */ + public function testCreateBrokenAttachmentUpload() + { + $this->reset(); + $options = parse_ini_file(CONF, true); + $options['traffic']['limit'] = 0; + $options['main']['fileupload'] = true; + helper::confBackup(); + helper::createIniFile(CONF, $options); + $_POST = helper::getPasteWithAttachment(); + unset($_POST['attachment']); + $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; + $_SERVER['REQUEST_METHOD'] = 'POST'; + $_SERVER['REMOTE_ADDR'] = '::1'; + $this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste does not exists before posting data'); + ob_start(); + new privatebin; + $content = ob_get_contents(); + $response = json_decode($content, true); + $this->assertEquals(1, $response['status'], 'outputs error status'); + $this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste exists after posting data'); + } + /** * @runInSeparateProcess */