• I manage a site with multiple users who continue to upload images that are too large. I limited uploads to 180 KB for the multi-file/flash uploader. I also used CSS to hide the link that toggles the “browser upload” option, because the limit did not stop someone from uploading oversized images through the browser uploader.

    Does anyone know of a better way to prevent someone from using the browser uploader which bypasses the upload size limit currently in place?

    To add, the site is hosted on WPengine, the plan we are using does not allow us to limit file size uploads unfortunately. They also do not allow an htaccess file, nor is there a php.ini file.

    I’ve tried

    // NOTE(review): these calls cannot lower the upload limit. The PHP directive is
    // `upload_max_filesize` (there is no `upload_max_size`), and both it and
    // `post_max_size` are PHP_INI_PERDIR settings, which ini_set() cannot change at
    // runtime. The @ prefix suppresses any diagnostic and the return value is not
    // checked, so the failure is silent.
    @ini_set( 'upload_max_size' , '180K' );
    @ini_set( 'post_max_size', '180K');
    @ini_set( 'max_execution_time', '300' );

    in functions.php, but it does not work for me either. WPengine told me the lowest I can set it to is 1mb, something only they have access to do for us. But, this code is working to limit media uploads from the multi upload/flash uploader:

    /**
    * Callback for the upload_size_limit filter: always report 180 KB.
    *
    * As described in the post, this value was honoured by the multi-file
    * uploader while the browser uploader still accepted larger files, so it
    * should not be treated as the only control.
    *
    * @param mixed $size Incoming limit from the filter; ignored.
    * @return int Limit in bytes.
    */
    function seiu_limit_upload_file_size( $size ) {
        // Limit in kilobytes, kept as the original string value and cast before use.
        $limit_in_kb = (int) '180';

        return $limit_in_kb * 1024;
    }
    // Priority 20 makes this run after callbacks registered at the default priority (10).
    add_filter( 'upload_size_limit', 'seiu_limit_upload_file_size', 20 );

  • Moderator threadi

    (@threadi)

    I tested the below code in my functions.php and so far everything works great.

    <?php
    /**
    * Limit file upload size for all upload methods (browser and multi-file uploader)
    * This works by intercepting uploads before they're processed
    */

    /**
    * Single place where the upload size limit is defined.
    *
    * @return int Limit in bytes (180 KB).
    */
    function seiu_get_max_upload_size() {
        $limit_kb = 180;

        return $limit_kb * 1024;
    }

    /**
    * Reject an upload whose size is above the limit.
    *
    * Registered on wp_handle_upload_prefilter, so the check runs on the server
    * regardless of which uploader the browser used.
    * NOTE(review): sideloads use the separate wp_handle_sideload_prefilter hook;
    * confirm whether the site needs that path covered as well.
    *
    * @param array $file Upload entry; 'size' (bytes) is read and 'error' may be set.
    * @return array The same entry, with 'error' holding a message when the file is too large.
    */
    function seiu_limit_upload_size_prefilter( $file ) {
        $limit_bytes = seiu_get_max_upload_size();

        // Within the limit: hand the entry back untouched.
        if ( ! ( $file['size'] > $limit_bytes ) ) {
            return $file;
        }

        // A string placed in 'error' carries the rejection message back to WordPress.
        $file['error'] = sprintf(
            'File size is too large. Maximum allowed size is %s KB (%s MB). Your file is %s MB.',
            number_format( $limit_bytes / 1024 ),
            round( $limit_bytes / 1024 / 1024, 2 ),
            round( $file['size'] / 1024 / 1024, 2 )
        );

        return $file;
    }
    // Server-side enforcement point: the callback runs on the prefilter applied to uploaded files.
    // NOTE(review): sideloaded files pass through `wp_handle_sideload_prefilter` instead; hook that
    // too if the limit must cover sideloads — confirm which upload paths the site exposes.
    add_filter( 'wp_handle_upload_prefilter', 'seiu_limit_upload_size_prefilter' );

    /**
    * Report the same limit through the upload_size_limit filter.
    * Per the original note, this is the value the JavaScript uploader checks against;
    * the server-side rejection happens in seiu_limit_upload_size_prefilter().
    *
    * @param mixed $size Incoming limit from the filter; ignored.
    * @return int Limit in bytes, as returned by seiu_get_max_upload_size().
    */
    function seiu_limit_upload_file_size( $size ) {
        $limit_bytes = seiu_get_max_upload_size();

        return $limit_bytes;
    }
    // Priority 20 makes this run after callbacks registered at the default priority (10).
    add_filter( 'upload_size_limit', 'seiu_limit_upload_file_size', 20 );

    /**
    * Optional: build the "maximum upload size" text shown to the user.
    *
    * @param mixed $content Incoming text from the filter; ignored.
    * @return string Message stating the limit in whole kilobytes.
    */
    function seiu_upload_size_limit_text( $content ) {
        // Express the byte limit in rounded kilobytes for display.
        $limit_kb = round( seiu_get_max_upload_size() / 1024 );

        return sprintf( 'Maximum upload file size: %s KB.', number_format( $limit_kb ) );
    }
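    // `upload_size_limit` is registered once, directly after seiu_limit_upload_file_size();
    // it does not need to be repeated here.
    // NOTE(review): confirm that the WordPress version in use applies a `media_upload_text`
    // filter; if nothing applies it, seiu_upload_size_limit_text() is never called.
    add_filter( 'media_upload_text', 'seiu_upload_size_limit_text' );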

    /**
    * Optional: print an inline script that warns when a file chosen in a file input
    * is larger than the limit, then clears that input.
    *
    * The check runs in the browser, so it is a usability aid only and enforces
    * nothing; oversized files are rejected on the server by the
    * wp_handle_upload_prefilter callback.
    */
    function seiu_upload_size_warning_script() {
    // The limit is an integer computed by seiu_get_max_upload_size(), not user input,
    // so it is echoed into the script below without escaping.
    $max_size = seiu_get_max_upload_size();
    ?>
    <script type="text/javascript">
    jQuery(document).ready(function($) {
    // Add file size check for browser uploader
    $('input[type="file"]').on('change', function() {
    var files = this.files;
    var maxSize = <?php echo $max_size; ?>;

    for (var i = 0; i < files.length; i++) {
    if (files[i].size > maxSize) {
    var fileSizeMB = (files[i].size / 1024 / 1024).toFixed(2);
    var maxSizeMB = (maxSize / 1024 / 1024).toFixed(2);

    alert('File "' + files[i].name + '" is too large (' + fileSizeMB + ' MB). Maximum allowed size is ' + maxSizeMB + ' MB.');
    $(this).val(''); // Clear the file input
    return false;
    }
    }
    });
    });
    </script>
    <?php
    }
    // Print the warning script in the footer of the media upload popup and of upload.php.
    // NOTE(review): confirm that WordPress fires `admin_footer-media-upload-popup`; if the
    // popup runs no such action, the script is only printed on upload.php.
    add_action( 'admin_footer-media-upload-popup', 'seiu_upload_size_warning_script' );
    add_action( 'admin_footer-upload.php', 'seiu_upload_size_warning_script' );

    /**
    * Optional: Remove the browser uploader entirely if you prefer
    * Uncomment the lines below to completely disable browser uploader
    */
    /*
    function seiu_remove_browser_uploader() {
    remove_action( 'post-plupload-upload-ui', 'media_upload_flash_bypass' );
    }
    add_action( 'admin_init', 'seiu_remove_browser_uploader' );

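    // Hide the browser uploader link with CSS (more reliable than your current method).
    // This only hides the link; it does not block upload requests, so the server-side size check must stay in place.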
    function seiu_hide_browser_uploader_css() {
    echo '<style type="text/css">
    .upload-flash-bypass { display: none !important; }
    .browser-uploader { display: none !important; }
    </style>';
    }
    add_action( 'admin_head', 'seiu_hide_browser_uploader_css' );
    */
    ?>