From 2f63a9b4032521c6e1180398be1af5904911109c Mon Sep 17 00:00:00 2001
From: kimth <kimt@mit.edu>
Date: Sun, 19 Aug 2012 20:12:01 -0400
Subject: [PATCH] Limit number of files that can be uploaded at once

---
 lms/djangoapps/courseware/module_render.py | 6 ++++++
 lms/envs/common.py                         | 1 +
 2 files changed, 7 insertions(+)

diff --git a/lms/djangoapps/courseware/module_render.py b/lms/djangoapps/courseware/module_render.py
index 53c7e453ddf..7a239275041 100644
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -379,6 +379,12 @@ def modx_dispatch(request, dispatch=None, id=None, course_id=None):
     if request.FILES:
         for fileinput_id in request.FILES.keys():
             inputfiles = request.FILES.getlist(fileinput_id)
+
+            if len(inputfiles) > settings.MAX_FILEUPLOADS_PER_INPUT:
+                too_many_files_msg = 'Submission aborted! Maximum %d files may be submitted at once' %\
+                    settings.MAX_FILEUPLOADS_PER_INPUT
+                return HttpResponse(json.dumps({'success': too_many_files_msg}))
+
             for inputfile in inputfiles:
                 if inputfile.size > settings.STUDENT_FILEUPLOAD_MAX_SIZE: # Bytes
                     file_too_big_msg = 'Submission aborted! Your file "%s" is too large (max size: %d MB)' %\
diff --git a/lms/envs/common.py b/lms/envs/common.py
index c412a3c8cd8..14a9627b401 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -141,6 +141,7 @@ TEMPLATE_CONTEXT_PROCESSORS = (
 )
 
 STUDENT_FILEUPLOAD_MAX_SIZE = 4*1000*1000 # 4 MB
+MAX_FILEUPLOADS_PER_INPUT = 10
 
 # FIXME:
 # We should have separate S3 staged URLs in case we need to make changes to
-- 
GitLab