diff --git a/application/controllers/api/frontend/v1/Abgabe.php b/application/controllers/api/frontend/v1/Abgabe.php index 17d8f0811..b256d6779 100644 --- a/application/controllers/api/frontend/v1/Abgabe.php +++ b/application/controllers/api/frontend/v1/Abgabe.php @@ -186,6 +186,8 @@ class Abgabe extends FHCAPI_Controller */ public function postStudentProjektarbeitZwischenabgabe() { + $this->checkUploadSize(); + $projektarbeit_id = $_POST['projektarbeit_id']; $paabgabe_id = $_POST['paabgabe_id']; $student_uid = $_POST['student_uid']; @@ -236,6 +238,7 @@ class Abgabe extends FHCAPI_Controller */ public function postStudentProjektarbeitEndupload() { + $this->checkUploadSize(); $projektarbeit_id = $_POST['projektarbeit_id']; $paabgabe_id = $_POST['paabgabe_id']; @@ -1028,5 +1031,4 @@ class Abgabe extends FHCAPI_Controller $abgabe->signatur = $signaturVorhanden; } } - } \ No newline at end of file diff --git a/application/core/FHCAPI_Controller.php b/application/core/FHCAPI_Controller.php index dad56334d..a2f13cc99 100644 --- a/application/core/FHCAPI_Controller.php +++ b/application/core/FHCAPI_Controller.php @@ -266,7 +266,7 @@ class FHCAPI_Controller extends Auth_Controller } // --------------------------------------------------------------- - // Security + // Security Begin // --------------------------------------------------------------- /** 
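Review bot: `checkUploadSize()` only helps when the request announces its size: `(int)$this->input->server('CONTENT_LENGTH')` evaluates to 0 when the header is absent, so such a request normally passes the guard and the `$_POST['projektarbeit_id']`, `$_POST['paabgabe_id']` and `$_POST['student_uid']` reads directly below still run unguarded. Keep (or add) an explicit presence check on those keys after the call; whether one already exists is not visible, because both `postStudentProjektarbeitZwischenabgabe()` and `postStudentProjektarbeitEndupload()` continue outside their hunks. A short comment above each call, for example `// must run before $_POST is read: PHP drops the body when post_max_size is exceeded`, would record why the order matters.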
@@ -287,4 +287,29 @@ class FHCAPI_Controller extends Auth_Controller 'required_permissions' => $this->_rpsToString($requiredPermissions, $this->router->method) ], self::ERROR_TYPE_AUTH); } + + // --------------------------------------------------------------- + // Security End + // --------------------------------------------------------------- + + /** + * Checks the client's total request size (Content-Length) against the minimum + * effective PHP limit (min of upload_max_filesize, post_max_size, memory_limit). + * This preempts failures that result in vague "missing parameters" errors on large files. + * + * @return void + */ + protected function checkUploadSize() { + $content_length = (int)$this->input->server('CONTENT_LENGTH'); + + //get max serverside size upload + $max_upload = (int)(ini_get('upload_max_filesize')); + $max_post = (int)(ini_get('post_max_size')); + $memory_limit = (int)(ini_get('memory_limit')); + $max_upload_mb = min($max_upload, $max_post, $memory_limit); // smallest of 3 config values + + if($content_length >= $max_upload_mb) { + $this->terminateWithError($this->p->t('global', 'filesizeExceeded'), 'general'); + } + } } diff --git a/public/css/theme/default.css b/public/css/theme/default.css index 51bbeceb6..699a60f93 100644 --- a/public/css/theme/default.css +++ b/public/css/theme/default.css @@ -85,6 +85,18 @@ --fhc-pink-70: rgb(160, 40, 90); --fhc-pink-80: rgb(130, 25, 70); --fhc-pink-90: rgb(100, 15, 50); + + /* --- Orange --- */ + --fhc-orange-5: rgb(255, 250, 240); + --fhc-orange-10: rgb(255, 235, 200); + --fhc-orange-20: rgb(255, 210, 140); + --fhc-orange-30: rgb(255, 185, 80); + --fhc-orange-40: rgb(255, 155, 40); + --fhc-orange-50: rgb(255, 128, 0); + --fhc-orange-60: rgb(230, 110, 0); + --fhc-orange-70: rgb(200, 90, 0); + --fhc-orange-80: rgb(170, 70, 0); + --fhc-orange-90: rgb(130, 50, 0); --fhc-beige-10: rgba(245, 233, 215, 0.5); --fhc-beige-20: rgba(172, 153, 125, 0.5); 
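Review bot: The comparison in `checkUploadSize()` mixes units: `CONTENT_LENGTH` is a byte count, while `(int)ini_get('upload_max_filesize')` applied to a shorthand value such as `8M` yields `8`, so unless the ini values are configured as plain byte counts, `$content_length >= $max_upload_mb` is true for practically every request body and both upload endpoints in Abgabe.php would reject all submissions. A `memory_limit` of `-1` or a `post_max_size` of `0` (both mean "no limit") additionally pulls the `min()` down to a non-positive value. Convert the shorthand to bytes and skip non-positive limits before taking the minimum, as sketched below; on PHP 8.2+ `ini_parse_quantity()` can replace the helper. Because `Content-Length` is supplied by the client, this check improves the error message only, and PHP's own limits remain the actual enforcement, which is worth stating in the docblock given the "Security" section heading.

```php
protected function checkUploadSize() {
	$content_length = (int)$this->input->server('CONTENT_LENGTH');

	// ini sizes use shorthand ("8M", "1G"); 0 or -1 means "no limit" and is skipped
	$limits = array();
	foreach (array('upload_max_filesize', 'post_max_size', 'memory_limit') as $key) {
		$bytes = $this->iniSizeToBytes(ini_get($key));
		if ($bytes > 0) {
			$limits[] = $bytes;
		}
	}

	if ($limits && $content_length >= min($limits)) {
		$this->terminateWithError($this->p->t('global', 'filesizeExceeded'), 'general');
	}
}

// converts a php.ini size such as "512K", "8M" or "1G" (or plain bytes) to bytes
private function iniSizeToBytes($value) {
	$value = trim((string)$value);
	$bytes = (int)$value;
	switch (strtoupper(substr($value, -1))) {
		case 'G': $bytes *= 1024; // fall through
		case 'M': $bytes *= 1024; // fall through
		case 'K': $bytes *= 1024;
	}
	return $bytes;
}
```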
diff --git a/public/js/components/Cis/Abgabetool/AbgabeMitarbeiterDetail.js b/public/js/components/Cis/Abgabetool/AbgabeMitarbeiterDetail.js index 9354ad184..e1ca760ed 100644 --- a/public/js/components/Cis/Abgabetool/AbgabeMitarbeiterDetail.js +++ b/public/js/components/Cis/Abgabetool/AbgabeMitarbeiterDetail.js @@ -333,6 +333,9 @@ export const AbgabeMitarbeiterDetail = { } else if(abgabedatum > datum) { return 'verspaetet' // needs upload, missed it and has submitted smth late + } else if(!termin.upload_allowed) { + if(datum > today) return termin.diffinday <= 12 ? 'abzugeben' : 'standard' + else if (today > datum) return 'abgegeben' } else { return 'abgegeben' // nothing else to do for that termin } diff --git a/public/js/components/Cis/Abgabetool/AbgabetoolAssistenz.js b/public/js/components/Cis/Abgabetool/AbgabetoolAssistenz.js index 2cfa0e308..5c939d37a 100644 --- a/public/js/components/Cis/Abgabetool/AbgabetoolAssistenz.js +++ b/public/js/components/Cis/Abgabetool/AbgabetoolAssistenz.js 
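Review bot: The added `!termin.upload_allowed` branch reads `termin.diffinday`, while the property this status logic uses elsewhere is `termin.diffindays` (assigned and compared in the AbgabetoolStudent.js hunk); `undefined <= 12` is false, so these termine can never reach 'abzugeben'. The branch also returns nothing when `datum` is neither greater nor smaller than `today`, which leaves the status undefined. Suggested lines: `if (datum > today) return termin.diffindays <= 12 ? 'abzugeben' : 'standard'` followed by an unconditional `return 'abgegeben'`. The same three lines are added in the AbgabetoolAssistenz.js and AbgabetoolStudent.js hunks and need the same fix; with the function now repeated in three components, a shared helper would keep the copies from drifting. The enclosing method starts outside this hunk.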
@@ -542,18 +542,22 @@ export const AbgabetoolAssistenz = { // seperate status if termin is in the past, it needs a note but doesnt have one yet if(today > datum && termin.benotbar && !termin.note) return 'beurteilungerforderlich' - else if (termin.abgabedatum === null) { + if (termin.abgabedatum === null && termin.upload_allowed) { if(datum < today) { - return termin.upload_allowed ? 'verpasst' : 'abgegeben' + return 'verpasst' // needs upload, missed it and has not submitted anything } else if (datum > today && termin.diffindays <= 12) { - return 'abzugeben' + return 'abzugeben' // needs to upload soon } else { - return 'standard' + return 'standard' // upload in distant future } - } else if(abgabedatum > datum) { - return 'verspaetet' + } + else if(abgabedatum > datum) { + return 'verspaetet' // needs upload, missed it and has submitted smth late + } else if(!termin.upload_allowed) { + if(datum > today) return termin.diffinday <= 12 ? 'abzugeben' : 'standard' + else if (today > datum) return 'abgegeben' } else { - return 'abgegeben' + return 'abgegeben' // nothing else to do for that termin } }, openTimeline(val) { diff --git a/public/js/components/Cis/Abgabetool/AbgabetoolStudent.js b/public/js/components/Cis/Abgabetool/AbgabetoolStudent.js index d851235aa..247c36263 100644 --- a/public/js/components/Cis/Abgabetool/AbgabetoolStudent.js +++ b/public/js/components/Cis/Abgabetool/AbgabetoolStudent.js 
@@ -63,18 +63,22 @@ export const AbgabetoolStudent = { termin.diffindays = this.dateDiffInDays(termin.datum) if(today > datum && termin.benotbar && !termin.note) return 'beurteilungerforderlich' - else if (termin.abgabedatum === null) { + if (termin.abgabedatum === null && termin.upload_allowed) { if(datum < today) { - return termin.upload_allowed ? 'verpasst' : 'abgegeben' + return 'verpasst' // needs upload, missed it and has not submitted anything } else if (datum > today && termin.diffindays <= 12) { - return 'abzugeben' + return 'abzugeben' // needs to upload soon } else { - return 'standard' + return 'standard' // upload in distant future } - } else if(abgabedatum > datum) { - return 'verspaetet' + } + else if(abgabedatum > datum) { + return 'verspaetet' // needs upload, missed it and has submitted smth late + } else if(!termin.upload_allowed) { + if(datum > today) return termin.diffinday <= 12 ? 'abzugeben' : 'standard' + else if (today > datum) return 'abgegeben' } else { - return 'abgegeben' + return 'abgegeben' // nothing else to do for that termin } }, checkQualityGatesStrict(termine) { diff --git a/system/phrasesupdate.php b/system/phrasesupdate.php index 18e2393dc..ab93b2234 100644 --- a/system/phrasesupdate.php +++ b/system/phrasesupdate.php 
@@ -1453,7 +1453,46 @@ $phrases = array(
 )
 )
 ),
-
+ array(
+ 'app' => 'core',
+ 'category' => 'global',
+ 'phrase' => 'unknown_error',
+ 'insertvon' => 'system',
+ 'phrases' => array(
+ array(
+ 'sprache' => 'German',
+ 'text' => 'Ein unbekannter Fehler ist aufgetreten: {error}',
+ 'description' => '',
+ 'insertvon' => 'system'
+ ),
+ array(
+ 'sprache' => 'English',
+ 'text' => 'An unknown error occurred: {error}',
+ 'description' => '',
+ 'insertvon' => 'system'
+ )
+ )
+ ),
+ array(
+ 'app' => 'core',
+ 'category' => 'global',
+ 'phrase' => 'filesizeExceeded',
+ 'insertvon' => 'system',
+ 'phrases' => array(
+ array(
+ 'sprache' => 'German',
+ 'text' => 'Die maximale Dateigröße wurde überschritten!',
+ 'description' => '',
+ 'insertvon' => 'system'
+ ),
+ array(
+ 'sprache' => 'English',
+ 'text' => 'The maximum file size has been exceeded!',
+ 'description' => '',
+ 'insertvon' => 'system'
+ )
+ )
+ ),
 //******************************* CORE/ui
 array(
 'app' => 'core',