From 7515e1bac4be13049c63d83e5a44c704753a827d Mon Sep 17 00:00:00 2001
From: Dongsheng Cai <dongsheng@moodle.com>
Date: Mon, 19 Sep 2011 15:29:13 +0800
Subject: [PATCH] MDL-29036 WEBSERVICE : webservice upload script should
 respect maxbytes and userquota settings

---
 webservice/upload.php | 46 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 5 deletions(-)

diff --git a/webservice/upload.php b/webservice/upload.php
index 4c8948b1cf4..9886b64947e 100644
--- a/webservice/upload.php
+++ b/webservice/upload.php
@@ -72,7 +72,9 @@ require_capability('moodle/user:manageownfiles', $context);
 
 $fs = get_file_storage();
 
-foreach ($_FILES as $fieldname=>$file) {
+$totalsize = 0;
+$files = array();
+foreach ($_FILES as $fieldname=>$uploaded_file) {
     // check upload errors
     if (!empty($_FILES[$fieldname]['error'])) {
         switch ($_FILES[$fieldname]['error']) {
@@ -101,18 +103,52 @@ foreach ($_FILES as $fieldname=>$file) {
             throw new moodle_exception('nofile');
         }
     }
+    $file = new stdClass();
+    $file->filename = clean_param($_FILES[$fieldname]['name'], PARAM_FILE);
+    // check system maxbytes setting
+    if (($_FILES[$fieldname]['size'] > $CFG->maxbytes)) {
+        // oversize file will be ignored, error added to array to notify
+        // web service client
+        $file->error = get_string('maxbytes', 'error');
+    } else {
+        $file->filepath = $_FILES[$fieldname]['tmp_name'];
+        // calculate total size of upload
+        $totalsize += $_FILES[$fieldname]['size'];
+    }
+    $files[] = $file;
+}
+
+$fs = get_file_storage();
+
+$usedspace = 0;
+$privatefiles = $fs->get_area_files($context->id, 'user', 'private', false, 'id', false);
+foreach ($privatefiles as $file) {
+    $usedspace += $file->get_filesize();
+}
+
+if ($totalsize > ($CFG->userquota - $usedspace)) {
+    throw new file_exception('userquotalimit');
+}
+
+$results = array();
+foreach ($files as $file) {
+    if (!empty($file->error)) {
+        // including error and filename
+        $results[] = $file;
+        continue;
+    }
     $file_record = new stdClass;
     $file_record->component = 'user';
     $file_record->contextid = $context->id;
     $file_record->userid    = $USER->id;
     $file_record->filearea  = 'private';
-    $file_record->filename = clean_param($_FILES[$fieldname]['name'], PARAM_FILE);
+    $file_record->filename = $file->filename;
     $file_record->filepath  = $filepath;
     $file_record->itemid    = 0;
     $file_record->license   = $CFG->sitedefaultlicense;
     $file_record->author    = fullname($user);;
     $file_record->source    = '';
-    $stored_file = $fs->create_file_from_pathname($file_record, $_FILES[$fieldname]['tmp_name']);
-    $uploaded_files[] = $file_record;
+    $stored_file = $fs->create_file_from_pathname($file_record, $file->filepath);
+    $results[] = $file_record;
 }
-echo json_encode($uploaded_files);
+echo json_encode($results);
-- 
2.17.1