Implement maximum image size constraint

modules/file/file.admin.controller.php

@@ -62,11 +62,13 @@ class fileAdminController extends file
 	function procFileAdminInsertUploadConfig()
 	{
 		// Update configuration
-		$oFileModel = getModel('file');
+		$config = getModel('module')->getModuleConfig('file');
-		$config = $oFileModel->getFileConfig();
 		$config->allowed_filesize = Context::get('allowed_filesize');
 		$config->allowed_attach_size = Context::get('allowed_attach_size');
 		$config->allowed_filetypes = str_replace(' ', '', Context::get('allowed_filetypes'));
+		$config->max_image_width = intval(Context::get('max_image_width')) ?: '';
+		$config->max_image_height = intval(Context::get('max_image_height')) ?: '';
+		$config->max_image_size_action = Context::get('max_image_size_action') ?: '';
 		
 		// Check maximum file size
 		if (PHP_INT_SIZE < 8)
@@ -93,8 +95,7 @@ class fileAdminController extends file
 	function procFileAdminInsertDownloadConfig()
 	{
 		// Update configuration
-		$oFileModel = getModel('file');
+		$config = getModel('module')->getModuleConfig('file');
-		$config = $oFileModel->getFileConfig();
 		$config->allow_outlink = Context::get('allow_outlink');
 		$config->allow_outlink_format = Context::get('allow_outlink_format');
 		$config->allow_outlink_site = Context::get('allow_outlink_site');

modules/file/file.controller.php

@@ -861,48 +861,100 @@ class fileController extends file
 			$file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
 		}
 
-		if(!$manual_insert)
-		{
-			// Get the file configurations
-			$logged_info = Context::get('logged_info');
-			if($logged_info->is_admin != 'Y')
-			{
-				$oFileModel = getModel('file');
-				$config = $oFileModel->getFileConfig($module_srl);
-
-				// check file type
-				if(isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*')
-				{
-					$filetypes = explode(';', $config->allowed_filetypes);
-					$ext = array();
-					foreach($filetypes as $item) {
-						$item = explode('.', $item);
-						$ext[] = strtolower($item[1]);
-					}
-					$uploaded_ext = explode('.', $file_info['name']);
-					$uploaded_ext = strtolower(array_pop($uploaded_ext));
-
-					if(!in_array($uploaded_ext, $ext))
-					{
-						throw new Rhymix\Framework\Exception('msg_not_allowed_filetype');
-					}
-				}
-
-				$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
-				$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
-				// An error appears if file size exceeds a limit
-				if($allowed_filesize < filesize($file_info['tmp_name'])) throw new Rhymix\Framework\Exception('msg_exceeds_limit_size');
-				// Get total file size of all attachements (from DB)
-				$size_args = new stdClass;
-				$size_args->upload_target_srl = $upload_target_srl;
-				$output = executeQuery('file.getAttachedFileSize', $size_args);
-				$attached_size = (int)$output->data->attached_size + filesize($file_info['tmp_name']);
-				if($attached_size > $allowed_attach_size) throw new Rhymix\Framework\Exception('msg_exceeds_limit_size');
-			}
-		}
-
 		// Sanitize filename
 		$file_info['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($file_info['name']);
+
+		// Get extension
+		$extension = explode('.', $file_info['name']) ?: array('');
+		$extension = strtolower(array_pop($extension));
+		
+		// Check file type, size, and other attributes
+		if(!$manual_insert && !$this->user->isAdmin())
+		{
+			// Get file module configuration
+			$oFileModel = getModel('file');
+			$config = $oFileModel->getFileConfig($module_srl);
+
+			// Check file type
+			if(isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*')
+			{
+				$filetypes = explode(';', $config->allowed_filetypes);
+				$ext = array();
+				foreach($filetypes as $item) {
+					$item = explode('.', $item);
+					$ext[] = strtolower($item[1]);
+				}
+
+				if(!in_array($extension, $ext))
+				{
+					throw new Rhymix\Framework\Exception('msg_not_allowed_filetype');
+				}
+			}
+
+			// Check file size
+			$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
+			$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
+			if($allowed_filesize < filesize($file_info['tmp_name']))
+			{
+				throw new Rhymix\Framework\Exception('msg_exceeds_limit_size');
+			}
+			
+			// Get total size of all attachements
+			$size_args = new stdClass;
+			$size_args->upload_target_srl = $upload_target_srl;
+			$output = executeQuery('file.getAttachedFileSize', $size_args);
+			$attached_size = (int)$output->data->attached_size + filesize($file_info['tmp_name']);
+			if($attached_size > $allowed_attach_size)
+			{
+				throw new Rhymix\Framework\Exception('msg_exceeds_limit_size');
+			}
+			
+			// Check image dimensions
+			if($config->max_image_size_action && ($config->max_image_width || $config->max_image_height))
+			{
+				if(in_array($extension, array('gif', 'jpg', 'png', 'webp', 'bmp')))
+				{
+					if ($image_info = @getimagesize($file_info['tmp_name']))
+					{
+						$image_width = $image_info[0];
+						$image_height = $image_info[1];
+						$exceeded = false;
+						if ($config->max_image_width > 0 && $image_width > $config->max_image_width)
+						{
+							$exceeded = true;
+						}
+						elseif ($config->max_image_height > 0 && $image_height > $config->max_image_height)
+						{
+							$exceeded = true;
+						}
+						
+						if ($exceeded)
+						{
+							if ($config->max_image_size_action === 'block')
+							{
+								if ($config->max_image_width && $config->max_image_height)
+								{
+									$message = sprintf(lang('msg_exceeds_max_image_size'), $config->max_image_width, $config->max_image_height);
+								}
+								elseif ($config->max_image_width)
+								{
+									$message = sprintf(lang('msg_exceeds_max_image_width'), $config->max_image_width);
+								}
+								else
+								{
+									$message = sprintf(lang('msg_exceeds_max_image_height'), $config->max_image_height);
+								}
+								throw new Rhymix\Framework\Exception($message);
+							}
+							else
+							{
+								// TODO
+							}
+						}
+					}
+				}
+			}
+		}
 		
 		// Get file_srl
 		$file_srl = getNextSequence();

modules/file/file.model.php

@@ -189,11 +189,15 @@ class fileModel extends file
 			$config->allowed_attach_size = $file_config->allowed_attach_size;
 			$config->allowed_filetypes = $file_config->allowed_filetypes;
 			$config->inline_download_format = $file_config->inline_download_format;
+			$config->max_image_width = $file_config->max_image_width;
+			$config->max_image_height = $file_config->max_image_height;
+			$config->max_image_size_action = $file_config->max_image_size_action;
 			$config->download_grant = $file_config->download_grant;
 			$config->allow_outlink = $file_config->allow_outlink;
 			$config->allow_outlink_site = $file_config->allow_outlink_site;
 			$config->allow_outlink_format = $file_config->allow_outlink_format;
 		}
+		
 		// Property for all files comes first than each property
 		if(!$config->allowed_filesize) $config->allowed_filesize = $file_module_config->allowed_filesize;
 		if(!$config->allowed_attach_size) $config->allowed_attach_size = $file_module_config->allowed_attach_size;
@@ -202,6 +206,10 @@ class fileModel extends file
 		if(!$config->allow_outlink_site) $config->allow_outlink_site = $file_module_config->allow_outlink_site;
 		if(!$config->allow_outlink_format) $config->allow_outlink_format = $file_module_config->allow_outlink_format;
 		if(!$config->download_grant) $config->download_grant = $file_module_config->download_grant;
+		if(!$config->max_image_width) $config->max_image_width = $file_module_config->max_image_width;
+		if(!$config->max_image_height) $config->max_image_height = $file_module_config->max_image_height;
+		if(!$config->max_image_size_action) $config->max_image_size_action = $file_module_config->max_image_size_action;
+		
 		// Default setting if not exists
 		if(!$config->allowed_filesize) $config->allowed_filesize = '2';
 		if(!$config->allowed_attach_size) $config->allowed_attach_size = '3';

modules/file/lang/en.php

@@ -17,6 +17,10 @@ $lang->allow_outlink_format = 'Allowed Formats';
 $lang->allowed_filesize = 'Maximum File Size';
 $lang->allowed_attach_size = 'Maximum Attachments';
 $lang->allowed_filetypes = 'Allowed extentsions';
+$lang->max_image_size = 'Maximum Image Size';
+$lang->max_image_size_action_nothing = 'If exceeded, do nothing';
+$lang->max_image_size_action_block = 'If exceeded, block upload';
+$lang->max_image_size_action_resize = 'If exceeded, resize automatically';
 $lang->inline_download_format = 'Open in current window';
 $lang->inline_download_image = 'Image';
 $lang->inline_download_audio = 'Audio';
@@ -34,6 +38,7 @@ $lang->about_allowed_filesize_global = 'This is the global limit on the size of
 $lang->about_allowed_attach_size_global = 'This is the global limit on the combined size of all attachments in one document.';
 $lang->about_allowed_size_limits = 'The file size will be limited to the value set in php.ini (%sB) in IE9 and below and older Android browsers.';
 $lang->about_allowed_filetypes = 'To allow an extension, use "*.[extention]". To allow multiple extensions, use ";" between each extension. ex) *.* or *.jpg;*.gif; ';
+$lang->about_max_image_size = 'You can limit the maximum width and height of uploaded images.';
 $lang->cmd_delete_checked_file = 'Delete Selected Item(s)';
 $lang->cmd_move_to_document = 'Move to Document';
 $lang->cmd_download = 'Download';
@@ -41,6 +46,9 @@ $lang->msg_not_permitted_download = 'You do not have a permission to download.';
 $lang->msg_file_cart_is_null = 'Please select a file(s) to delete.';
 $lang->msg_checked_file_is_deleted = '%d attachment(s) was(were) deleted.';
 $lang->msg_exceeds_limit_size = 'This file exceeds the attachment limit.';
+$lang->msg_exceeds_max_image_size = 'This image is too large. Images must be no larger than %dx%dpx.';
+$lang->msg_exceeds_max_image_width = 'This image is too large. The maximum permitted width is %dpx.';
+$lang->msg_exceeds_max_image_height = 'This image is too large. The maximum permitted height is %dpx.';
 $lang->msg_file_not_found = 'Could not find requested file.';
 $lang->msg_file_key_expired = 'This download link is expired. Please initiate the download again.';
 $lang->file_search_target_list['filename'] = 'File Name';

modules/file/lang/ko.php

@@ -14,9 +14,13 @@ $lang->file_list = '첨부 파일 목록';
 $lang->allow_outlink = '다운로드 링크 외부 접근 허용';
 $lang->allow_outlink_site = '외부 접근 허용 사이트';
 $lang->allow_outlink_format = '외부 접근 허용 확장자';
-$lang->allowed_filesize = '파일 크기 제한';
+$lang->allowed_filesize = '파일 용량 제한';
 $lang->allowed_attach_size = '문서 첨부 제한';
 $lang->allowed_filetypes = '허용 확장자';
+$lang->max_image_size = '이미지 크기 제한';
+$lang->max_image_size_action_nothing = '초과시 아무 것도 하지 않음';
+$lang->max_image_size_action_block = '초과시 업로드 금지';
+$lang->max_image_size_action_resize = '초과시 자동 크기 조정';
 $lang->inline_download_format = '다운로드시 현재 창 사용';
 $lang->inline_download_image = '이미지';
 $lang->inline_download_audio = '오디오';
@@ -34,6 +38,7 @@ $lang->about_allowed_filesize_global = '관리자를 포함하여 사이트 전
 $lang->about_allowed_attach_size_global = '관리자를 포함하여 사이트 전체에 적용되는 문서당 총 첨부 용량 제한입니다.';
 $lang->about_allowed_size_limits = 'IE9 이하, 구버전 안드로이드 등에서는 php.ini에서 지정한 %sB로 제한됩니다.';
 $lang->about_allowed_filetypes = '"*.확장자"로 지정할 수 있고 ";" 으로 여러 개 지정이 가능합니다. 예) *.* or *.jpg;*.gif;';
+$lang->about_max_image_size = '이미지 파일의 가로세로 크기를 제한할 수 있습니다.';
 $lang->cmd_delete_checked_file = '선택항목 삭제';
 $lang->cmd_move_to_document = '문서로 이동';
 $lang->cmd_download = '다운로드';
@@ -42,6 +47,9 @@ $lang->msg_file_cart_is_null = '삭제할 파일을 선택해주세요.';
 $lang->msg_checked_file_is_deleted = '%d개의 첨부 파일이 삭제되었습니다.';
 $lang->msg_exceeds_limit_size = '허용된 용량을 초과하여 첨부가 되지 않았습니다.';
 $lang->msg_not_allowed_filetype = '업로드할 수 없는 파일 형식입니다.';
+$lang->msg_exceeds_max_image_size = '이미지가 너무 큽니다. %dx%dpx 이하의 이미지만 허용됩니다.';
+$lang->msg_exceeds_max_image_width = '이미지가 너무 큽니다. 폭 %dpx 이하의 이미지만 허용됩니다.';
+$lang->msg_exceeds_max_image_height = '이미지가 너무 큽니다. 높이 %dpx 이하의 이미지만 허용됩니다.';
 $lang->msg_file_not_found = '요청한 파일을 찾을 수 없습니다.';
 $lang->msg_file_key_expired = '다운로드 링크의 유효기간이 지났습니다. 다시 다운로드하여 주시기 바랍니다.';
 $lang->file_search_target_list['filename'] = '파일 이름';

modules/file/tpl/upload_config.html

@@ -22,6 +22,19 @@
 			<p class="x_help-block">{$lang->about_allowed_attach_size_global}<br />{sprintf($lang->about_allowed_size_limits, ini_get('upload_max_filesize'))}</p>
 		</div>
 	</div>
+	<div class="x_control-group">
+		<label for="max_image_width" class="x_control-label">{$lang->max_image_size}</label>
+		<div class="x_controls">
+			<input type="number" min="0" name="max_image_width" id="max_image_width" value="{$config->max_image_width}" size="7" style="min-width:80px" /> &times;
+			<input type="number" min="0" name="max_image_height" id="max_image_height" value="{$config->max_image_height}" size="7" style="min-width:80px" /> px &nbsp;
+			<select name="max_image_size_action" id="max_image_size_action">
+				<option value="" selected="selected"|cond="$config->max_image_size_action == ''">{$lang->max_image_size_action_nothing}</option>
+				<option value="block" selected="selected"|cond="$config->max_image_size_action == 'block'">{$lang->max_image_size_action_block}</option>
+				<option value="resize" selected="selected"|cond="$config->max_image_size_action == 'resize'">{$lang->max_image_size_action_resize}</option>
+			</select>
+			<p class="x_help-block">{$lang->about_max_image_size}</p>
+		</div>
+	</div>
 	<div class="x_control-group">
 		<label for="allowedFiletypes" class="x_control-label">{$lang->allowed_filetypes}</label>
 		<div class="x_controls">