From 86df1529feb4b7eb1a9721baa194518bacbfd8ff Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 29 Dec 2006 16:06:39 -0500
Subject: [PATCH] Error handling for attachment uploads; multibyte-safe string functions; XSS improvements

---
 program/steps/mail/upload.inc |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/program/steps/mail/upload.inc b/program/steps/mail/upload.inc
index 0d9761e..06ed265 100644
--- a/program/steps/mail/upload.inc
+++ b/program/steps/mail/upload.inc
@@ -65,6 +65,16 @@
                          $id,
                          $content);
     }
+  else // upload failed
+    {
+    $err = $_FILES['_attachments']['error'][$i];
+    if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE)
+      $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
+    else
+      $msg = rcube_label('fileuploaderror');
+    
+    $response = sprintf("parent.%s.display_message('%s', 'error');", $JS_OBJECT_NAME, JQ($msg));
+    }
   }
 
 

--
Gitblit v1.9.1