diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index d4c5a3e034a..4bd869103fe 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -62,7 +62,7 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { dol_print_error($db); } } elseif ($action == 'updateform') { - $res1 = 1; $res2 = 1; $res3 = 1; $res4 = 1; + $res1 = 1; $res2 = 1; $res3 = 1; $res4 = 1; $res5 = 1; if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) { $res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity); } @@ -75,7 +75,10 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) { if (GETPOSTISSET('MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS')) { $res4 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", GETPOST("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 'alphanohtml'), 'int', 0, '', $conf->entity); } - if ($res1 && $res2 && $res3 && $res4) { + if (GETPOSTISSET('MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS')) { + $res5 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", GETPOST("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 'alphanohtml'), 'int', 0, '', $conf->entity); + } + if ($res1 && $res2 && $res3 && $res4 && $res5) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } } @@ -197,6 +200,14 @@ print ''; +print ''.$langs->trans("MaxNumberOfAttachementOnForms").''; +print ''; +print ''; +print ''; +print ''; +print ''; + /* if (empty($conf->global->MAIN_APPLICATION_TITLE)) { $conf->global->MAIN_APPLICATION_TITLE = ""; diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index edbc348444e..c703c65fa2f 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1657,7 +1657,12 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess if (!empty($_FILES[$varfiles])) { // For view $_FILES[$varfiles]['error'] dol_syslog('dol_add_file_process upload_dir='.$upload_dir.' allowoverwrite='.$allowoverwrite.' donotupdatesession='.$donotupdatesession.' savingdocmask='.$savingdocmask, LOG_DEBUG); - + $maxfilesinform = getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10); + if (count($_FILES[$varfiles]["name"]) > $maxfilesinform) { + $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now. + setEventMessages($langs->trans("ErrorTooMuchFileInForm", $maxfilesinform), null, "errors"); + return -1; + } $result = dol_mkdir($upload_dir); // var_dump($result);exit; if ($result >= 0) { diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 4a55dc2cffc..94de41fba0a 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2343,3 +2343,4 @@ DesktopsAndSmartphones=Desktops et smartphones AllowOnlineSign=Allow online signing AllowExternalDownload=Allow external download (without login, using a shared link) DeadlineDayVATSubmission=Deadline day for vat submission on the next month +MaxNumberOfAttachementOnForm=Max number of joinded files in form diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 7bcecfa4999..97af73b8fd1 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -302,6 +302,7 @@ ErrorTableNotFound=Table %s not found ErrorValueForTooLow=Value for %s is too low ErrorValueCantBeNull=Value for %s can't be null ErrorDateOfMovementLowerThanDateOfFileTransmission=The date of the bank transaction can't be lower than the date of the file transmission +ErrorTooMuchFileInForm=Too much files in form, the maximum number is %s file(s) # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.