diff --git a/validate-signature/slim-app/src/osteam/App.php b/validate-signature/slim-app/src/osteam/App.php
index ca83d2ce027a1d33913c5e570ca8ebb3c5a81a55..44b2b11939b33966a4e1b3cf7104abc0b454ae37 100644
--- a/validate-signature/slim-app/src/osteam/App.php
+++ b/validate-signature/slim-app/src/osteam/App.php
@@ -16,8 +16,9 @@ class App
protected $ci = null;
protected $logger = null;
- protected $savePath;
- protected $saveFileTTL;
+ protected $savePath = 'tmp';
+ protected $saveFileTTL = 0;
+ protected $maxFileSize = 0;
public function __construct(ContainerInterface $ci)
{
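Review bot: The new `$maxFileSize = 0` default deserves a comment at the declaration, because combined with the `>` comparisons added further down it means that when `max_file_size` (or the whole `app` settings block) is absent every non-empty upload is rejected. That fail-closed behaviour is reasonable for a signature-validation service, but nothing in the hunk says it is intentional, and an operator seeing every upload bounce with "Exceeded maximum file size limit" will not guess it. I would add `protected $maxFileSize = 0; // bytes; 0 = reject every non-empty upload until max_file_size is configured`. The constructor that populates it continues past the end of this hunk.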
@@ -29,9 +30,10 @@ class App
if (isset($settings['app'])) {
$this->savePath = (isset($settings['app']['save_path']) ? $settings['app']['save_path'] : 'tmp');
$this->saveFileTTL = (isset($settings['app']['save_file_ttl']) ? $settings['app']['save_file_ttl'] : 0);
+ $this->maxFileSize = (isset($settings['app']['max_file_size']) ? $settings['app']['max_file_size'] : 0);
}
}
-
+
/**
* Ξ§Ξ±ΞΉΟΞ΅ΟΞΉΟΞΌΟΟ - οδηγίΡΟ.
*
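Review bot: The new `max_file_size` assignment stores the raw settings value without casting or validating it, while the three new comparisons elsewhere in this commit treat it as an integer byte count; a string or float from a hand-edited settings.php would still compare loosely and a negative value would reject everything. I would coerce and bound it in one place, e.g. `$this->maxFileSize = max(0, (int) ($settings['app']['max_file_size'] ?? 0));`, so the guards downstream can rely on a non-negative int. The constructor this line belongs to begins in the previous hunk.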
@@ -101,9 +103,15 @@ class App
]), 501);
}
- foreach ($files as $id => $file) {
+ // foreach ($files as $id => $file) {
+ // as requested, only handle one file
+ $file = array_pop($files);
if ($file->getError() === UPLOAD_ERR_OK) {
- // $contents = base64_encode($file->getStream()->getContents());
+ if ($file->getSize() > $this->maxFileSize) {
+ return $res->withJson(array_merge($this->coreResponseData(false), [
+ 'message' => 'Exceeded maximum file size limit'
+ ]), 400);
+ }
$filename = $file->getClientFilename();
$store_filename = $this->savePath . DIRECTORY_SEPARATOR . uniqid() . '_' .
$this->sanitizeFilename($filename);
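Review bot: `array_pop($files)` returns `null` on an empty array, so unless the check that returns 501 just above this hunk guarantees a non-empty `$files`, the next line `$file->getError()` is a fatal call on null rather than a 400. The new size guard also relies on `getSize()`, which PSR-7's `UploadedFileInterface` allows to be `null`; `null > $this->maxFileSize` is false in PHP, so a file of unknown size silently bypasses the limit. Note as well that this check runs after PHP has already written the whole upload to its temp dir, so it is a policy limit, not DoS protection — `upload_max_filesize`/`post_max_size` remain the real bound. The handler this code lives in starts and ends outside the hunk.
```php
// as requested, only handle one file
$file = array_pop($files);
if ($file === null) {
    return $res->withJson(array_merge($this->coreResponseData(false), [
        'message' => 'No file uploaded'
    ]), 400);
}
if ($file->getError() === UPLOAD_ERR_OK) {
    // PSR-7 allows getSize() to return null; treat an unknown size as over the limit
    $size = $file->getSize();
    if ($size === null || $size > $this->maxFileSize) {
        // … unchanged: 400 'Exceeded maximum file size limit' response …
    }
    // … unchanged: filename sanitisation and store …
```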
@@ -117,7 +125,7 @@ class App
}
$this->logger->info("validate binary upload::{$store_filename}");
}
- }
+ // }
$this->vaccuumSavePath();
@@ -144,12 +152,22 @@ class App
// $parsedBody = $req->getParsedBody();
$filename = $req->getParsedBodyParam('filename', null);
$content = $req->getParsedBodyParam('base64content', null);
- if ($filename === null || $content === null) {
+ if ($filename === null && $content === null) {
+ return $res->withJson(array_merge($this->coreResponseData(false), [
+ 'message' => 'invalid JSON format encoding'
+ ]), 400);
+ } elseif ($filename === null || $content === null) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Filename and file content is mandatory'
]), 400);
}
-
+
+ if (mb_strlen($content) > (ceil($this->maxFileSize * 4 / 3) + 3)) { // approx base64 length
+ return $res->withJson(array_merge($this->coreResponseData(false), [
+ 'message' => 'Exceeded maximum file size limit'
+ ]), 400);
+ }
+
if (($filecontent = base64_decode($content)) === false) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'File content is not valid base64 encoded'
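Review bot: The new `mb_strlen($content)` guard assumes `$content` is a string, but `getParsedBodyParam()` returns whatever the JSON body carried, so `{"filename":"x","base64content":["a"]}` reaches `mb_strlen()` with an array and throws a `TypeError` on PHP 8 instead of returning a 400. I would fold a type check into the mandatory-field branch, `} elseif (!is_string($filename) || !is_string($content)) {`, and use `strlen($content)` for the length test since the limit is in bytes and base64 is ASCII. Also worth noting that `base64_decode()` is called without `strict: true`, so a payload of mostly junk characters decodes to a much smaller file than the length check estimated; the on-disk re-check in the later hunk covers the over-size case but not garbage input. The handler this belongs to starts and ends outside the hunk.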
@@ -172,6 +190,12 @@ class App
]), 501);
}
+ if (filesize($store_filename) > $this->maxFileSize) { // double checking
+ return $res->withJson(array_merge($this->coreResponseData(false), [
+ 'message' => 'Exceeded maximum file size limit'
+ ]), 400);
+ }
+
$this->logger->info("validate base64 upload::{$store_filename}");
// delete any leftover files
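Review bot: The new "double checking" `filesize()` guard returns 400 after the file has already been written to `$store_filename`, and the early return skips the "delete any leftover files" step that follows, so an oversized upload is left on disk in `save_path` until something else cleans it up (with `save_file_ttl` 0 that cleanup appears to be per-request, so it may persist). At minimum add `unlink($store_filename);` before the return; better, check `strlen($filecontent) > $this->maxFileSize` immediately after the decode so the oversized payload is never written at all. `filesize()` also returns `false` on error, which compares as not-greater and passes the guard, so the check is only as reliable as the preceding write. The surrounding write and cleanup logic is outside this hunk.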
diff --git a/validate-signature/slim-app/src/settings.php.dist b/validate-signature/slim-app/src/settings.php.dist
index c66d53027f9b7bc2396ffdd835407199431e529f..1b61d7ffd5306bbc2d259ace7d16f8ac4ab34c51 100644
--- a/validate-signature/slim-app/src/settings.php.dist
+++ b/validate-signature/slim-app/src/settings.php.dist
@@ -19,6 +19,7 @@ return [
'app' => [
'save_path' => __DIR__ . '/../files', // upload file location
'save_file_ttl' => 0, // if 0 delete file after doing work; if Nr delete some time after Nr seconds
+ 'max_file_size' => 26214401, // maximum uploaded file size in bytes
'secure_endpoint_username' => 'username-for-this-wrapper',
'secure_endpoint_password' => 'password-for-this-wrapper'
]
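Review bot: The new `max_file_size` default of `26214401` is 25 MiB plus one byte, and with the `>` comparisons in App.php it admits a file of exactly 26214401 bytes; if 25 MiB was the intent, `25 * 1024 * 1024` is clearer and avoids the off-by-one. The comment should also tell operators that this value only takes effect below PHP's own limits: the multipart endpoint needs `upload_max_filesize`/`post_max_size` at least this large (otherwise PHP reports `UPLOAD_ERR_INI_SIZE` first), and the base64 endpoint needs `post_max_size` of roughly 4/3 of it plus JSON overhead. I would write `'max_file_size' => 25 * 1024 * 1024, // max upload in bytes; keep <= upload_max_filesize/post_max_size (base64 endpoint needs ~4/3 of this)`.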