Add parameter to control maximum file upload size

Author: clue

README.md

@@ -784,6 +784,18 @@ $server = new StreamingServer(new MiddlewareRunner([
 
 See also [example #12](examples) for more details.
 
+By default, this middleware respects the
+[`upload_max_filesize`](http://php.net/manual/en/ini.core.php#ini.upload-max-filesize)
+(default `2M`) ini setting.
+Files that exceed this limit will be rejected with an `UPLOAD_ERR_INI_SIZE` error.
+You can control the maximum filesize for each individual file upload by
+explicitly passing the maximum filesize in bytes as the first parameter to the
+constructor like this:
+
+```php
+new RequestBodyParserMiddleware(8 * 1024 * 1024); // 8 MiB limit per file
+```
+
 > Note that this middleware handler simply parses everything that is already
   buffered in the request body.
   It is imperative that the request body is buffered by a prior middleware
@@ -798,10 +810,9 @@ See also [example #12](examples) for more details.
   more details.
 
 > PHP's `MAX_FILE_SIZE` hidden field is respected by this middleware.
+  Files that exceed this limit will be rejected with an `UPLOAD_ERR_FORM_SIZE` error.
 
 > This middleware respects the
-  [`upload_max_filesize`](http://php.net/manual/en/ini.core.php#ini.upload-max-filesize)
-  (default `2M`),
   [`max_input_vars`](http://php.net/manual/en/info.configuration.php#ini.max-input-vars)
   (default `1000`) and
   [`max_input_nesting_level`](http://php.net/manual/en/info.configuration.php#ini.max-input-nesting-level)

examples/12-upload.php

@@ -121,8 +121,8 @@
 
 // buffer and parse HTTP request body before running our request handler
 $server = new StreamingServer(new MiddlewareRunner(array(
-    new RequestBodyBufferMiddleware(100000), // 100 KB max, ignore body otherwise
-    new RequestBodyParserMiddleware(),
+    new RequestBodyBufferMiddleware(8 * 1024 * 1024), // 8 MiB max, ignore body otherwise
+    new RequestBodyParserMiddleware(100 * 1024), // 100 KiB max, reject upload otherwise
     $handler
 )));
 

src/Io/MultipartParser.php

@@ -56,7 +56,10 @@ final class MultipartParser
 
     private $postCount = 0;
 
-    public function __construct()
+    /**
+     * @param int|null $uploadMaxFilesize
+     */
+    public function __construct($uploadMaxFilesize = null)
     {
         $var = ini_get('max_input_vars');
         if ($var !== false) {
@@ -67,7 +70,7 @@ public function __construct()
             $this->maxInputNestingLevel = (int)$var;
         }
 
-        $this->uploadMaxFilesize = $this->iniUploadMaxFilesize();
+        $this->uploadMaxFilesize = $uploadMaxFilesize === null ? $this->iniUploadMaxFilesize() : (int)$uploadMaxFilesize;
     }
 
     public function parse(ServerRequestInterface $request)

src/Middleware/RequestBodyParserMiddleware.php

@@ -9,9 +9,12 @@ final class RequestBodyParserMiddleware
 {
     private $multipart;
 
-    public function __construct()
+    /**
+     * @param int|null $uploadMaxFilesize
+     */
+    public function __construct($uploadMaxFilesize = null)
     {
-        $this->multipart = new MultipartParser();
+        $this->multipart = new MultipartParser($uploadMaxFilesize);
     }
 
     public function __invoke(ServerRequestInterface $request, $next)

tests/Io/MultipartParserTest.php

@@ -688,6 +688,39 @@ public function testUploadEmptyFile()
         $this->assertSame('', (string)$file->getStream());
     }
 
+    public function testUploadTooLargeFile()
+    {
+        $boundary = "---------------------------12758086162038677464950549563";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"hello\"\r\n";
+        $data .= "Content-type: text/plain\r\n";
+        $data .= "\r\n";
+        $data .= "world\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parser = new MultipartParser(4);
+        $parsedRequest = $parser->parse($request);
+
+        $files = $parsedRequest->getUploadedFiles();
+
+        $this->assertCount(1, $files);
+        $this->assertTrue(isset($files['file']));
+        $this->assertInstanceOf('Psr\Http\Message\UploadedFileInterface', $files['file']);
+
+        /* @var $file \Psr\Http\Message\UploadedFileInterface */
+        $file = $files['file'];
+
+        $this->assertSame('hello', $file->getClientFilename());
+        $this->assertSame('text/plain', $file->getClientMediaType());
+        $this->assertSame(5, $file->getSize());
+        $this->assertSame(UPLOAD_ERR_INI_SIZE, $file->getError());
+    }
+
     public function testUploadNoFile()
     {
         $boundary = "---------------------------12758086162038677464950549563";