Changeset 43462 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

Timestamp:

07/17/2018 07:21:50 AM (7 years ago)

Author:

pento

Message:

REST API: Attachments controller should respect upload limits.

When the REST API is in use on WordPress multisite, the WP_REST_Attachments_Controller should respect the "Max upload file size" and "Site upload space" site options.

Props flixos90, danielbachhuber.
Fixes #43751.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php (modified) (3 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

@@ -560 +560 @@
         );
 
+        $size_check = self::check_upload_size( $file_data );
+        if ( is_wp_error( $size_check ) ) {
+            return $size_check;
+        }
+
         $overrides = array(
             'test_form' => false,
@@ -727 +732 @@
         }
 
+        $size_check = self::check_upload_size( $files['file'] );
+        if ( is_wp_error( $size_check ) ) {
+            return $size_check;
+        }
+
         /** Include admin functions to get access to wp_handle_upload() */
         require_once ABSPATH . 'wp-admin/includes/admin.php';
@@ -764 +774 @@
     }
 
+    /**
+     * Determine if uploaded file exceeds space quota on multisite.
+     *
+     * Replicates check_upload_size().
+     *
+     * @since 4.9.8
+     *
+     * @param array $file $_FILES array for a given file.
+     * @return true|WP_Error True if can upload, error for errors.
+     */
+    protected function check_upload_size( $file ) {
+        if ( ! is_multisite() ) {
+            return true;
+        }
+
+        if ( get_site_option( 'upload_space_check_disabled' ) ) {
+            return true;
+        }
+
+        $space_left = get_upload_space_available();
+
+        $file_size = filesize( $file['tmp_name'] );
+        if ( $space_left < $file_size ) {
+            /* translators: %s: required disk space in kilobytes */
+            return new WP_Error( 'rest_upload_limited_space', sprintf( __( 'Not enough space to upload. %s KB needed.' ), number_format( ( $file_size - $space_left ) / KB_IN_BYTES ) ), array( 'status' => 400 ) );
+        }
+
+        if ( $file_size > ( KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ) ) ) {
+            /* translators: %s: maximum allowed file size in kilobytes */
+            return new WP_Error( 'rest_upload_file_too_big', sprintf( __( 'This file is too big. Files must be less than %s KB in size.' ), get_site_option( 'fileupload_maxk', 1500 ) ), array( 'status' => 400 ) );
+        }
+
+        if ( upload_is_user_over_quota( false ) ) {
+            return new WP_Error( 'rest_upload_user_quota_exceeded', __( 'You have used your space quota. Please delete files before uploading.' ), array( 'status' => 400 ) );
+        }
+        return true;
+    }
+
 }