Better workaround for PHP returning empty $_POST and $_FILES when

POST length > post_max_size in php.ini. I also added this check to
avatar upload, which was failing with huge files.

diff --git a/actions/apiaccountupdateprofileimage.php b/actions/apiaccountupdateprofileimage.php
index 416fee45acb0b608b3e2a10598f60ea1ddd2953b..72fb361bf8bcbdf183bb3e4f9304c4350d5d4d6d 100644 (file)
--- a/actions/apiaccountupdateprofileimage.php
+++ b/actions/apiaccountupdateprofileimage.php
@@ -87,16 +87,22 @@ class ApiAccountUpdateProfileImageAction extends ApiAuthAction
             return;
         }
 
-        if (empty($this->user)) {
-            $this->clientError(_('No such user!'), 404, $this->format);
+        // Workaround for PHP returning empty $_POST and $_FILES when POST
+        // length > post_max_size in php.ini
+
+        if (empty($_FILES)
+            && empty($_POST)
+            && ($_SERVER['CONTENT_LENGTH'] > 0)
+        ) {
+             $msg = _('The server was unable to handle that much POST ' .
+                    'data (%s bytes) due to its current configuration.');
+
+            $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
             return;
         }
 
-        // Workaround for PHP returning empty $_FILES when POST length > PHP settings
-
-        if (empty($_FILES) && ($_SERVER['CONTENT_LENGTH'] > 0)) {
-            common_debug('content-length = ' . $_SERVER['CONTENT_LENGTH']);
-            $this->clientError(_('Unable to handle that much POST data!'));
+        if (empty($this->user)) {
+            $this->clientError(_('No such user!'), 404, $this->format);
             return;
         }
 

diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php
index 82fe5a537e534cf69478c85a707de6d7028ae9d2..e369fa71ee7b5eca92da9a63125abdb02c3a08c9 100644 (file)
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@@ -112,6 +112,20 @@ class ApiStatusesUpdateAction extends ApiAuthAction
             return;
         }
 
+        // Workaround for PHP returning empty $_POST and $_FILES when POST
+        // length > post_max_size in php.ini
+
+        if (empty($_FILES)
+            && empty($_POST)
+            && ($_SERVER['CONTENT_LENGTH'] > 0)
+        ) {
+             $msg = _('The server was unable to handle that much POST ' .
+                    'data (%s bytes) due to its current configuration.');
+
+            $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+            return;
+        }
+
         if (empty($this->status)) {
             $this->clientError(
                 'Client must provide a \'status\' parameter with a value.',
@@ -126,13 +140,6 @@ class ApiStatusesUpdateAction extends ApiAuthAction
             return;
         }
 
-        // Workaround for PHP returning empty $_FILES when POST length > PHP settings
-
-        if (empty($_FILES) && ($_SERVER['CONTENT_LENGTH'] > 0)) {
-            $this->clientError(_('Unable to handle that much POST data!'));
-            return;
-        }
-
         $status_shortened = common_shorten_links($this->status);
 
         if (Notice::contentTooLong($status_shortened)) {

diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php
index ded419dd797a7c88d012a2b9b4a6ca6d0d4a9e25..879e44842f40a03961b20241f7186ef4eefc71d0 100644 (file)
--- a/actions/avatarsettings.php
+++ b/actions/avatarsettings.php
@@ -244,11 +244,25 @@ class AvatarsettingsAction extends AccountSettingsAction
 
     function handlePost()
     {
+        // Workaround for PHP returning empty $_POST and $_FILES when POST
+        // length > post_max_size in php.ini
+
+        if (empty($_FILES)
+            && empty($_POST)
+            && ($_SERVER['CONTENT_LENGTH'] > 0)
+        ) {
+            $msg = _('The server was unable to handle that much POST ' .
+                'data (%s bytes) due to its current configuration.');
+
+            $this->showForm(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+            return;
+        }
+
         // CSRF protection
 
         $token = $this->trimmed('token');
         if (!$token || $token != common_session_token()) {
-            $this->show_form(_('There was a problem with your session token. '.
+            $this->showForm(_('There was a problem with your session token. '.
                                'Try again, please.'));
             return;
         }

diff --git a/lib/designsettings.php b/lib/designsettings.php
index 820d534f23eadc4d9ecb60d8a3d54e7067c6611e..5ce9ddedadf5529c516e94f372d06024f242b67c 100644 (file)
--- a/lib/designsettings.php
+++ b/lib/designsettings.php
@@ -271,17 +271,20 @@ class DesignSettingsAction extends AccountSettingsAction
 
     function handlePost()
     {
-        // XXX: Robin's workaround for a bug in PHP where $_POST
-        // and $_FILE are empty in the case that the uploaded
-        // file is bigger than PHP is configured to handle.
-
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-            if (empty($_POST) && $_SERVER['CONTENT_LENGTH']) {
 
+            // Workaround for PHP returning empty $_POST and $_FILES when POST
+            // length > post_max_size in php.ini
+
+            if (empty($_FILES)
+                && empty($_POST)
+                && ($_SERVER['CONTENT_LENGTH'] > 0)
+            ) {
                 $msg = _('The server was unable to handle that much POST ' .
                     'data (%s bytes) due to its current configuration.');
 
                 $this->showForm(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+                return;
             }
         }