From 7eeec8260802098f6006143acd7231f63c8ded46 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 17 Feb 2014 22:57:08 -0600
Subject: [PATCH] pipe: Honor attachment ext and size restrictions

---
 include/api.tickets.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/include/api.tickets.php b/include/api.tickets.php
index feca779c5..7cebb81be 100644
--- a/include/api.tickets.php
+++ b/include/api.tickets.php
@@ -69,6 +69,15 @@ class TicketApiController extends ApiController {
                     if(!($attachment['data'] = base64_decode($attachment['data'], true)))
                         $attachment['error'] = sprintf('%s: Poorly encoded base64 data', Format::htmlchars($attachment['name']));
                 }
+                if (!$attachment['error']
+                        && ($size = $ost->getConfig()->getMaxFileSize())
+                        && ($fsize = $attachment['size'] ?: strlen($attachment['data']))
+                        && $fsize > $size) {
+                    $attachment['error'] = sprintf('File %s (%s) is too big. Maximum of %s allowed',
+                            Format::htmlchars($attachment['name']),
+                            Format::file_size($fsize),
+                            Format::file_size($size));
+                }
             }
             unset($attachment);
         }
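Review bot: The size check on the added `$fsize = $attachment['size'] ?: strlen($attachment['data'])` line prefers the caller-declared `size` field over the measured length of the payload, so the limit is enforced against a value the API client controls. A request whose declared size is below the maximum but whose `data` is larger would not get an error set here. Measure the decoded bytes instead, e.g. `&& ($fsize = strlen($attachment['data']))`, and treat a mismatching declared `size` as informational at most. The subject also mentions extension restrictions, but all nine added lines concern size only; if the extension check is meant to happen elsewhere, it is worth confirming it covers this API path. The enclosing loop and the base64 branch start above the hunk, so this assumes `data` always holds the raw bytes by this point.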
-- 
GitLab