From 936f2c49f5b9ccaf401e569c3ec94cda201b4eb3 Mon Sep 17 00:00:00 2001
From: kimth <kimt@mit.edu>
Date: Mon, 13 Aug 2012 21:00:29 -0400
Subject: [PATCH] Server-side (LMS) checking of uploaded filesize

---
 lms/djangoapps/courseware/module_render.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lms/djangoapps/courseware/module_render.py b/lms/djangoapps/courseware/module_render.py
index 3bb1c477cb..bb69dfcc6f 100644
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -336,11 +336,20 @@ def modx_dispatch(request, dispatch=None, id=None, course_id=None):
       - id -- the module id. Used to look up the XModule instance
     '''
     # ''' (fix emacs broken parsing)
+
+    # TODO: Should be in settings.py
+    MAX_UPLOAD_FILE_SIZE = 4*1000*1000 # 4 MB
+
     # Check for submitted files
     p = request.POST.copy()
     if request.FILES:
         for inputfile_id in request.FILES.keys():
-            p[inputfile_id] = request.FILES[inputfile_id]
+            inputfile = request.FILES[inputfile_id]
+            if inputfile.size > MAX_UPLOAD_FILE_SIZE:
+                file_too_big_msg = 'Submission aborted! Your file "%s" is too large (max size: %d MB)' %\
+                                    (inputfile.name, MAX_UPLOAD_FILE_SIZE/(1000**2))
+                return HttpResponse(json.dumps({'success': file_too_big_msg}))
+            p[inputfile_id] = inputfile
 
     student_module_cache = StudentModuleCache.cache_for_descriptor_descendents(request.user, modulestore().get_item(id))
     instance = get_module(request.user, request, id, student_module_cache)