[FIX] Unlimited upload file size not working (#11471)

* Fix validation of max file size on upload * Fixed more locations where the max file size setting is checked wrong * Added description explaining the limitation
7 years ago · 5ea5d263b6
parent 3558f99601
commit 5ea5d263b6
5 changed files with 6 additions and 13 deletions
--- a/packages/rocketchat-file-upload/globalFileRestrictions.js
+++ b/packages/rocketchat-file-upload/globalFileRestrictions.js
@ -15,7 +15,7 @@ const slingShotConfig = {

 		const maxFileSize = RocketChat.settings.get('FileUpload_MaxFileSize');

-		if (maxFileSize >= -1 && maxFileSize < file.size) {
+		if (maxFileSize > -1 && maxFileSize < file.size) {
 			throw new Meteor.Error(TAPi18n.__('File_exceeds_allowed_size_of_bytes', { size: filesize(maxFileSize) }));
 		}

--- a/packages/rocketchat-file-upload/lib/FileUpload.js
+++ b/packages/rocketchat-file-upload/lib/FileUpload.js
@ -30,22 +30,13 @@ FileUpload = {
 		}

 		// -1 maxFileSize means there is no limit
-		if (maxFileSize >= -1 && file.size > maxFileSize) {
+		if (maxFileSize > -1 && file.size > maxFileSize) {
 			const reason = TAPi18n.__('File_exceeds_allowed_size_of_bytes', {
 				size: filesize(maxFileSize)
 			}, language);
 			throw new Meteor.Error('error-file-too-large', reason);
 		}

-		if (maxFileSize > 0) {
-			if (file.size > maxFileSize) {
-				const reason = TAPi18n.__('File_exceeds_allowed_size_of_bytes', {
-					size: filesize(maxFileSize)
-				}, language);
-				throw new Meteor.Error('error-file-too-large', reason);
-			}
-		}
-
 		if (!RocketChat.fileUploadIsValidContentType(file.type)) {
 			const reason = TAPi18n.__('File_type_is_not_accepted', language);
 			throw new Meteor.Error('error-invalid-file-type', reason);
--- a/packages/rocketchat-file-upload/server/startup/settings.js
+++ b/packages/rocketchat-file-upload/server/startup/settings.js
@ -6,7 +6,8 @@ RocketChat.settings.addGroup('FileUpload', function() {

 	this.add('FileUpload_MaxFileSize', 104857600, {
 		type: 'int',
-		public: true
+		public: true,
+		i18nDescription: 'FileUpload_MaxFileSizeDescription'
 	});

 	this.add('FileUpload_MediaTypeWhiteList', 'image/*,audio/*,video/*,application/zip,application/x-rar-compressed,application/pdf,text/plain,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document', {
--- a/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/packages/rocketchat-i18n/i18n/en.i18n.json
@ -1147,6 +1147,7 @@
  "FileUpload_GoogleStorage_Secret": "Google Storage Secret",
  "FileUpload_GoogleStorage_Secret_Description": "Please follow <a href=\"https://github.com/CulturalMe/meteor-slingshot#google-cloud\">these instructions</a> and paste the result here.",
  "FileUpload_MaxFileSize": "Maximum File Upload Size (in bytes)",
+  "FileUpload_MaxFileSizeDescription": "Set it to -1 to remove the file size limitation.",
  "FileUpload_MediaType_NotAccepted": "Media Types Not Accepted",
  "FileUpload_MediaTypeWhiteList": "Accepted Media Types",
  "FileUpload_MediaTypeWhiteListDescription": "Comma-separated list of media types. Leave it blank for accepting all media types.",
--- a/packages/rocketchat-livechat/imports/server/rest/upload.js
+++ b/packages/rocketchat-livechat/imports/server/rest/upload.js
@ -70,7 +70,7 @@ RocketChat.API.v1.addRoute('livechat/upload/:rid', {
 		}

 		// -1 maxFileSize means there is no limit
-		if (maxFileSize >= -1 && file.fileBuffer.length > maxFileSize) {
+		if (maxFileSize > -1 && file.fileBuffer.length > maxFileSize) {
 			return RocketChat.API.v1.failure({
 				reason: 'error-size-not-allowed',
 				sizeAllowed: filesize(maxFileSize)