diff --git a/app/assets/javascripts/sitewide/form_validators.js.erb b/app/assets/javascripts/sitewide/form_validators.js.erb
index 8f6098fe6..c0e3eddd3 100644
--- a/app/assets/javascripts/sitewide/form_validators.js.erb
+++ b/app/assets/javascripts/sitewide/form_validators.js.erb
@@ -108,6 +108,7 @@ function filesValidator(ev, fileInputs, fileTypeEnum, canBeEmpty) {
 if (fileInputs.length) {
 var filesPresentValid = canBeEmpty || filesPresentValidator(ev, fileInputs);
 var filesSizeValid = filesSizeValidator(ev, fileInputs, fileTypeEnum);
+ // File spoof check is done on server-side only
 filesValid = filesPresentValid && filesSizeValid;
 }
 
@@ -142,11 +143,32 @@ function filesSizeValidator(ev, fileInputs, fileTypeEnum) {
 }
 };
 
+ function checkFilesTotalSize(fileInputs) {
+ if (!fileInputs || fileInputs < 2) {
+ return ;
+ }
+
+ var size = 0;
+ _.each(fileInputs, function(fileInput) {
+ var file = fileInput.files[0]
+ size += file.size;
+ })
+
+ if (size > fileTypeEnum) {
+ return "<%= I18n.t('general.file.total_size', size: Constants::FILE_MAX_SIZE_MB) %>".strToErrorFormat();
+ }
+ }
+
 // Check if any file exceeds allowed size limit
 var filesSizeValid = true;
+
+ // Check total size of uploaded files
+ var totalSizeOK = checkFilesTotalSize(fileInputs);
+
 _.each(fileInputs, function(fileInput) {
 var file = fileInput.files[0];
 var assetError = getFileTooBigError(file);
+ var assetError = totalSizeOK;
 if (assetError) {
 renderFormError(ev, fileInput, assetError, false, "data-error='file-size'");
 filesSizeValid = false;
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 28e8ee98c..18b6ecca4 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
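Review bot: In the second form_validators.js.erb hunk, `var assetError = totalSizeOK;` redeclares the variable and overwrites the result of `getFileTooBigError(file)`, so the per-file size limit is no longer reported on the client; the two results need combining rather than replacing. Inside `checkFilesTotalSize`, `fileInputs < 2` compares the collection itself with a number (presumably `.length` was meant), `fileInput.files[0]` is undefined for an input with no file chosen so `file.size` throws, and `size > fileTypeEnum` compares a byte count with what the caller passes as a file-type enum rather than a byte limit. The fence sketches the corrected helper; the byte conversion of `Constants::FILE_MAX_SIZE_MB` is an assumption to confirm against how the per-file check converts it. Because a browser-side check is skipped entirely by any request that does not go through this form script, the total-size cap also needs enforcing on the server, which is not visible in this diff. `filesSizeValidator` begins and ends outside the hunk.

```javascript
function checkFilesTotalSize(fileInputs) {
  // Total size only matters when more than one input is submitted
  if (!fileInputs || fileInputs.length < 2) {
    return;
  }

  var size = 0;
  _.each(fileInputs, function(fileInput) {
    var file = fileInput.files[0];
    // Inputs with no file selected contribute nothing to the total
    if (file) {
      size += file.size;
    }
  });

  // NOTE(review): assumes 1 MB = 1024 * 1024 bytes; confirm against the per-file check
  if (size > <%= Constants::FILE_MAX_SIZE_MB %> * 1024 * 1024) {
    // … unchanged: return of the general.file.total_size error string …
  }
}

// … unchanged: filesSizeValid initialisation and the checkFilesTotalSize(fileInputs) call …

  // Keep the per-file error; fall back to the total-size error
  var assetError = getFileTooBigError(file) || totalSizeOK;
```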
@@ -1441,6 +1441,7 @@ en:
 private: "private"
 search: "Search"
 file:
+ total_size: "You can upload max %{size} MB of files at one time. Please remove one or more files and try to submit again."
 size_exceeded: "File size must be less than %{file_size} MB."
 blank: "You didn't select any file"
 uploading: "If you leave this page, the file(s) that is/are currently uploading will not be saved! Are you sure you want to continue?"