From ab991458ada0ca5b2dae31a04b068711e533abc3 Mon Sep 17 00:00:00 2001
From: Robin McCorkell <rmccorkell@karoshi.org.uk>
Date: Fri, 27 Mar 2015 23:43:35 +0000
Subject: [PATCH] Require minimum 1 MiB upload limit

---
 lib/private/files.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/private/files.php b/lib/private/files.php
index e93b98a189..0f48dca971 100644
--- a/lib/private/files.php
+++ b/lib/private/files.php
@@ -52,6 +52,8 @@ class OC_Files {
 	const ZIP_FILES = 2;
 	const ZIP_DIR = 3;
 
+	const UPLOAD_MIN_LIMIT_BYTES = 1048576; // 1 MiB
+
 	/**
 	 * @param string $filename
 	 * @param string $name
@@ -246,15 +248,17 @@ class OC_Files {
 	 * @return bool false on failure, size on success
 	 */
 	static function setUploadLimit($size) {
-		//don't allow user to break his config -- upper boundary
+		//don't allow user to break his config
 		if ($size > PHP_INT_MAX) {
 			//max size is always 1 byte lower than computerFileSize returns
 			if ($size > PHP_INT_MAX + 1)
 				return false;
 			$size -= 1;
-		} else {
-			$size = OC_Helper::phpFileSize($size);
 		}
+		if ($size < self::UPLOAD_MIN_LIMIT_BYTES) {
+			return false;
+		}
+		$size = OC_Helper::phpFileSize($size);
 
 		//don't allow user to break his config -- broken or malicious size input
 		if (intval($size) === 0) {
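Review bot: The new lower-bound test `if ($size < self::UPLOAD_MIN_LIMIT_BYTES)` compares `$size` before anything has checked that it is a plain number. The only guard commented as covering "broken or malicious size input" is `intval($size) === 0`, which runs afterwards on the output of `OC_Helper::phpFileSize()`. Under PHP's loose comparison a string with a numeric prefix and trailing text would pass both bounds and reach `phpFileSize()` unchanged, so I would reject non-numeric input first with `if (!is_numeric($size)) { return false; }` at the top of `setUploadLimit()`. Moving the `phpFileSize()` call out of the `else` also means it now runs on the `> PHP_INT_MAX` branch, which it did not before; that is worth confirming as intended and mentioning in the commit message. The function body continues past the end of this hunk, so how the value is finally used is not visible here.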
-- 
GitLab