diff options
-rw-r--r-- | CHANGELOG.txt | 2 | ||||
-rw-r--r-- | includes/file.inc | 19 | ||||
-rw-r--r-- | modules/simpletest/tests/file.test | 8 |
3 files changed, 9 insertions, 20 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index e6f9c38d2..986c4825a 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,8 @@ Drupal 7.32, xxxx-xx-xx (development version) ----------------------- +- Removed special-case behavior for file uploads which allowed user #1 to + bypass maximum file size and user quota limits. Drupal 7.31, 2014-08-06 ---------------------- diff --git a/includes/file.inc b/includes/file.inc index d3008cc4f..fb2685659 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -1729,8 +1729,6 @@ function file_validate_extensions(stdClass $file, $extensions) { /** * Checks that the file's size is below certain limits. * - * This check is not enforced for the user #1. - * * @param $file * A Drupal file object. * @param $file_limit @@ -1748,20 +1746,17 @@ function file_validate_extensions(stdClass $file, $extensions) { */ function file_validate_size(stdClass $file, $file_limit = 0, $user_limit = 0) { global $user; - $errors = array(); - // Bypass validation for uid = 1. - if ($user->uid != 1) { - if ($file_limit && $file->filesize > $file_limit) { - $errors[] = t('The file is %filesize exceeding the maximum file size of %maxsize.', array('%filesize' => format_size($file->filesize), '%maxsize' => format_size($file_limit))); - } + if ($file_limit && $file->filesize > $file_limit) { + $errors[] = t('The file is %filesize exceeding the maximum file size of %maxsize.', array('%filesize' => format_size($file->filesize), '%maxsize' => format_size($file_limit))); + } - // Save a query by only calling file_space_used() when a limit is provided. - if ($user_limit && (file_space_used($user->uid) + $file->filesize) > $user_limit) { - $errors[] = t('The file is %filesize which would exceed your disk quota of %quota.', array('%filesize' => format_size($file->filesize), '%quota' => format_size($user_limit))); - } + // Save a query by only calling file_space_used() when a limit is provided. + if ($user_limit && (file_space_used($user->uid) + $file->filesize) > $user_limit) { + $errors[] = t('The file is %filesize which would exceed your disk quota of %quota.', array('%filesize' => format_size($file->filesize), '%quota' => format_size($user_limit))); } + return $errors; } diff --git a/modules/simpletest/tests/file.test b/modules/simpletest/tests/file.test index 20dd27376..0e66775a9 100644 --- a/modules/simpletest/tests/file.test +++ b/modules/simpletest/tests/file.test @@ -484,14 +484,6 @@ class FileValidatorTest extends DrupalWebTestCase { $original_user = $user; drupal_save_session(FALSE); - // Run these test as uid = 1. - $user = user_load(1); - - $file = new stdClass(); - $file->filesize = 999999; - $errors = file_validate_size($file, 1, 1); - $this->assertEqual(count($errors), 0, 'No size limits enforced on uid=1.', 'File'); - // Run these tests as a regular user. $user = $this->drupalCreateUser(); |