From 2c147d5cdde5e70043dc2076f4b90bbbff5256a7 Mon Sep 17 00:00:00 2001
From: Pedro Amorim
Date: Mon, 31 Oct 2022 16:31:02 -0100
Subject: [PATCH] Bug 32030: Max document file size - server-side validation
Signed-off-by: Martin Renvoize
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 Koha/ERM/Documents.pm | 5 ++++-
 Koha/Exceptions.pm | 4 ++++
 Koha/REST/V1/ERM/Agreements.pm | 12 ++++++++++++
 Koha/REST/V1/ERM/Licenses.pm | 12 ++++++++++++
 4 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/Koha/ERM/Documents.pm b/Koha/ERM/Documents.pm
index 8da3c1d300..36c507cf43 100644
--- a/Koha/ERM/Documents.pm
+++ b/Koha/ERM/Documents.pm
@@ -48,7 +48,7 @@ sub replace_with {
 $schema->txn_do(
 sub {
 my $existing_documents = $obj->documents;
-
+ my $max_allowed_packet = C4::Context->dbh->selectrow_array(q{SELECT @@max_allowed_packet});
 # FIXME Here we are not deleting all the documents before recreating them, like we do for other related resources.
 # As we do not want the content of the documents to transit over the network we need to use the document_id (and allow it in the API spec)
 # to distinguish from each other
@@ -69,6 +69,9 @@ sub replace_with {
 for my $document (@$documents) {
 my $file_content = defined($document->{file_content}) ? decode_base64( $document->{file_content} ) : "";
 my $mt = MIME::Types->new();
+ # Throw exception if uploaded file exceeds server limit
+ Koha::Exceptions::PayloadTooLarge->throw("File size exceeds limit defined by server") if length($file_content) > $max_allowed_packet;
+
 if ( $document->{document_id} ) {
 # The document already exists in DB
 $existing_documents->find( $document->{document_id} )
diff --git a/Koha/Exceptions.pm b/Koha/Exceptions.pm
index ecfd2c1af2..249e5f1d59 100644
--- a/Koha/Exceptions.pm
+++ b/Koha/Exceptions.pm
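Review bot: `@@max_allowed_packet` limits a whole client/server packet rather than the file column alone, so using the value read in this hunk as the exact ceiling for the decoded file (the comparison is in the next hunk) leaves a band just under the limit where the write can still be rejected by the database. Depending on how the driver sends the value, the statement carrying the file may be noticeably larger than the raw content, and that failure would reach the caller as an unhandled error rather than a 413. Consider leaving headroom below the limit, or mapping the database's packet-size error to `Koha::Exceptions::PayloadTooLarge` as well. A comment such as `# session max_allowed_packet in bytes: upper bound for one statement, not for the file alone` would make the unit and the caveat explicit. `replace_with` starts and ends outside the hunk.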
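Review bot: The added `throw` line tests `length($file_content)` only after `decode_base64` has already built the full file in memory, so it guards the database write but does not bound how much request data the API process accepts and decodes. If this is intended as the server-side ceiling for uploads, the request body size should also be capped before the controller runs, at the web server or through the application's request-size setting. An approximate pre-check on the encoded string, placed before the decode, would avoid the allocation for clearly oversized input: `if defined $document->{file_content} && length( $document->{file_content} ) * 3 / 4 > $max_allowed_packet`. The `for` loop and `replace_with` continue outside the hunk.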
@@ -24,6 +24,10 @@ use Exception::Class (
 isa => 'Koha::Exception',
 description => 'The required object doesn\'t exist',
 },
+ 'Koha::Exceptions::PayloadTooLarge' => {
+ isa => 'Koha::Exception',
+ description => 'Request entity is larger than limits defined by server',
+ },
 'Koha::Exceptions::ObjectNotCreated' => {
 isa => 'Koha::Exception',
 description => 'The object have not been created',
diff --git a/Koha/REST/V1/ERM/Agreements.pm b/Koha/REST/V1/ERM/Agreements.pm
index c93af41201..19ca477e36 100644
--- a/Koha/REST/V1/ERM/Agreements.pm
+++ b/Koha/REST/V1/ERM/Agreements.pm
@@ -148,6 +148,12 @@ sub add {
 }
 );
 }
+ elsif ( $_->isa('Koha::Exceptions::PayloadTooLarge') ) {
+ return $c->render(
+ status => 413,
+ openapi => { error => $_->error }
+ );
+ }
 }

 $c->unhandled_exception($_);
@@ -224,6 +230,12 @@ sub update {
 }
 );
 }
+ elsif ( $_->isa('Koha::Exceptions::PayloadTooLarge') ) {
+ return $c->render(
+ status => 413,
+ openapi => { error => $_->error }
+ );
+ }
 }

 $c->unhandled_exception($_);
diff --git a/Koha/REST/V1/ERM/Licenses.pm b/Koha/REST/V1/ERM/Licenses.pm
index cc5a9ef5ee..15a40ef7e2 100644
--- a/Koha/REST/V1/ERM/Licenses.pm
+++ b/Koha/REST/V1/ERM/Licenses.pm
@@ -135,6 +135,12 @@ sub add {
 }
 );
 }
+ elsif ( $_->isa('Koha::Exceptions::PayloadTooLarge') ) {
+ return $c->render(
+ status => 413,
+ openapi => { error => $_->error }
+ );
+ }
 }

 $c->unhandled_exception($_);
@@ -203,6 +209,12 @@ sub update {
 }
 );
 }
+ elsif ( $_->isa('Koha::Exceptions::PayloadTooLarge') ) {
+ return $c->render(
+ status => 413,
+ openapi => { error => $_->error }
+ );
+ }
 }

 $c->unhandled_exception($_);
-- 
2.39.5
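Review bot: The new `status => 413` branch in `add` of Agreements.pm, repeated in `update` there and in `add` and `update` of Licenses.pm, returns a status that the diffstat gives no sign of being declared in the API specification. If responses on these routes are validated against the OpenAPI document, an undeclared 413 may be turned into a 500 instead of reaching the client, so it is worth confirming that the four operations list it. The four identical six-line branches could also live in one place, such as a shared helper or the common unhandled-exception path, so the mapping cannot drift between controllers. The enclosing `catch` blocks start outside each hunk, so whether `$_` is already known to be a blessed object when `->isa` is called cannot be confirmed from here.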