Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33766

My private files does not properly handle userquota & maxbytes and empty itself

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • 2.4
    • 2.3
    • Files API
    • MOODLE_23_STABLE
    • MOODLE_24_STABLE
    • MDL-33766-master
    • Hide

      Test pre-requisites

      • Enable Dropbox repository
      • Enable File System repository
      • Enable System files repository
      • Place some files in your private files, and in your course (folder resource for instance)
        • < 1MB file
        • 1, 2, and 3MB files
        • .txt and .jpg ones, even if not real ones.

      You can create files using this command: dd if=/dev/urandom of=NameOfFile.txt bs=1024KB count=1_

      Test #1

      1. Use the attached file test_filemanager.php to test both the editor and the file manager.
      2. For each of the 3 repositories (dropbox, server files and upload), make sure:
        • The maximum number of files is respected
        • The maximum size per file is respected
        • The global size per area is respected
      3. Using Dropbox and Server files, make sure the restriction does not apply to file references

      Test #2

      1. Be destructive
      2. Navigate to your private files and try to bypass the limits
      3. Navigate to any other editor/file manager and try to be bypass the limits

      Known issues:

      • The editor does not support maxfiles.
      • Hacking the ajax request would allow files to be uploaded to the draft area, although they would not be saved when submitting the form
      Show
      Test pre-requisites Enable Dropbox repository Enable File System repository Enable System files repository Place some files in your private files, and in your course (folder resource for instance) < 1MB file 1, 2, and 3MB files .txt and .jpg ones, even if not real ones. You can create files using this command: dd if=/dev/urandom of=NameOfFile.txt bs=1024KB count=1 _ Test #1 Use the attached file test_filemanager.php to test both the editor and the file manager. For each of the 3 repositories (dropbox, server files and upload), make sure : The maximum number of files is respected The maximum size per file is respected The global size per area is respected Using Dropbox and Server files, make sure the restriction does not apply to file references Test #2 Be destructive Navigate to your private files and try to bypass the limits Navigate to any other editor/file manager and try to be bypass the limits Known issues: The editor does not support maxfiles. Hacking the ajax request would allow files to be uploaded to the draft area, although they would not be saved when submitting the form

      In your private files, you can see 'Maximum size for new files: XXX'. This value is actually the 'userquota' setting where it should be:

      min(array('userquota' - 'used_disk_space', get_user_max_upload_file_size($context, $CFG->maxbytes))).

      The maxbytes setting can be bypassed using the capability 'moodle/course:ignorefilesizelimits'

      To be fixed

      1. Wording of 'Maximum size for new files' (or at least figuring out what it means, cf. MDL-27163)
      2. Upload limit based on maxbytes
      3. Upload limit based on user free disk space as well
      4. When the quota is exceeded, it is not clear that the files are not saved. User could lose all new uploaded files without knowing!

      To replicate

      • Upload a few files to exceed userquota, save your changes, logout, login, files are gone!
      • Play with the upload_max_size, userquota and maxbytes.

        1. patch-01.txt
          18 kB
        2. patch-02.txt
          19 kB
        3. patch-03.txt
          32 kB
        4. patch-04.txt
          33 kB
        5. test_filemanager.php
          2 kB

            fred Frédéric Massart
            fred Frédéric Massart
            Marina Glancy Marina Glancy
            Dan Poltawski Dan Poltawski
            Mark Nelson Mark Nelson
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.