image attach ignores image module's maximum sizes

Settings are to be set in http://www.example.com/admin/settings/uploads

You're right it didn't work for me also. I just uploaded 2MB where the maximum upload size is 1 MB.

This category should be relocated to bug instead of feature request.

Confirming with CVS code -- I set image module's file size limit to 20kb, and then image attach nicely let me attach a new image of 37kb... this is a pretty major hole!

this is a huge problem for me, I rely entirely on users attaching images, larger images are causing errors and blank pages so it needs to be validated if an image is too large by means of a message to the user instead of just ignoring the max size and causing errors.

any ideas when this is likely to be fixed?

Well... someone needs to write a patch. I plan to, but obviously if anyone beats me to it then I get to spend more time working on views support for this module :)
Then the patch needs to be tested so it can be committed.
Given the importance of this issue, I would say some tests could do to be written too -- one for image.module and one here, both checking the max filesize is respected.

I had a hunch... from a reading of the code, image_import suffers from the same problem.
Not as severe in its effects in a way, as you'd expect admins using image import to know what they are doing, although an admin might expect the import process to check these things too.

I would say the fault actually lies with image module itself -- image_create_node_from() should check the filesize of the imagefile it is given.

This wouldn't be a be hugely complex patch if you wanted to have a go, thiokol -- drupal documentation has sections on getting a CVS copy and making a patch if you're feeling adventurous :)
See how image_max_upload_size is being checked, and do the same kind of thing in image_create_node_from(), returning FALSE if it's too big. You can mostly frankencode it :p

I havent written any php in years so I think it would be a bigger task than you'd imagine from my point of view :)

Guess I'll just have to be patient until someone else has the time to do it.

Is there any intention to fix this? Its a big problem and surely not that difficult to fix (for a developer)

Here is a patch.
Please could you test it?

All it does is check the filesize and doesn't create the image if it's too big. It's using drupal_set_message to give a warning because that's the only way of getting feedback out of image_create_node_from().

I think two subsequent issues should be filed
- a test for this function for image filesize
- look at some way of getting error messages out of image_create_node_from().

Better patch: uses form_set_error to prevent form validation.
The message isn't set to a particular form control because we don't have that information to hand: see http://drupal.org/node/424258 -- but that's a relatively minor cosmetic issue.

We should pass NULL instead of '' for $name. Also, there is a small grammar mistake in the error message.

What's the grammar mistake? I'm not seeing it...

I guess 'you have uploaded' could seem incorrect, as we're preventing the upload.
A comma before 'but'?

Committed the attached patch with the change in parameter for form_set_error.
Still no idea what sun meant by the grammar error ;)

@sun: Did you really mean to pass NULL to form_set_error()? Because it does nothing at all if you do that.

Reversed the previous patch and applied the one from #13.

Missed a bit:


// Ensure the file is within our size bounds.
if ($image_info['file_size'] > variable_get('image_max_upload_size', 800) * 1024) {
form_set_error('', t('The image you uploaded was too big. You are only allowed upload files less than %max_size but your file was %file_size.', array('%max_size' => format_size(variable_get('image_max_upload_size', 800) * 1024), '%file_size' => format_size($file->filesize))), 'warning');
return FALSE;
}


Size doesn't get shown.
Will fix once I am not working on three patches at once.

Fixed.