GibbonEdu · ali-ichk · Mar 24, 2026
diff --git a/Stream/CHANGEDB.php b/Stream/CHANGEDB.php
@@ -87,3 +87,8 @@
 ++$count;
 $sql[$count][0] = '1.2.00';
 $sql[$count][1] = "";
+
+//v1.2.02
+++$count;
+$sql[$count][0] = '1.2.02';
+$sql[$count][1] = "";
diff --git a/Stream/CHANGELOG.txt b/Stream/CHANGELOG.txt
@@ -1,5 +1,9 @@
 CHANGELOG
 =========
+v1.2.00
+-------
+Added error message to detect if uploaded images exceed server's limit
+
 v1.2.00
 -------
 Gibbon v28 compatibility

diff --git a/Stream/manifest.php b/Stream/manifest.php
@@ -27,7 +27,7 @@
 $entryURL = 'stream.php';
 $type = 'Additional';
 $category = 'Other';
-$version = '1.2.00';
+$version = '1.2.02';
 $author = "Gibbon Foundation";
 $url = "https://gibbonedu.org";
 

diff --git a/Stream/posts_manage_add.php b/Stream/posts_manage_add.php
@@ -39,6 +39,11 @@
     }
     $page->return->setEditLink($editLink);
 
+    $page->return->addReturns([
+        'error11' => __m('Your post could not be submitted because the uploaded images exceed the server\'s size limit. Please upload fewer images at a time or try again.'),
+        'error12' => __m('Your post could not be submitted because one or more uploaded files are not a valid image type. Accepted formats: JPG, GIF, PNG.'),
+    ]);
+
     $form = Form::create('post', $session->get('absoluteURL').'/modules/'.$session->get('module').'/posts_manage_addProcess.php');
     $form->setFactory(DatabaseFormFactory::create($pdo));
 

diff --git a/Stream/posts_manage_addProcess.php b/Stream/posts_manage_addProcess.php
@@ -20,7 +20,6 @@
 */
 
 use Gibbon\FileUploader;
-use Gibbon\Services\Format;
 use Gibbon\Domain\System\SettingGateway;
 use Gibbon\Module\Stream\Domain\PostGateway;
 use Gibbon\Module\Stream\Domain\PostTagGateway;
@@ -52,6 +51,14 @@
 
     $partialFail = false;
 
+    // Detect if PHP silently dropped all POST/FILE data because the combined upload size exceeded the server's post_max_size limit.
+    $contentLength = intval($_SERVER['CONTENT_LENGTH'] ?? 0);
+    if ($contentLength > 0 && !isset($_POST['post'])) {
+        $URL .= '&return=error11';
+        header("Location: {$URL}");
+        exit;
+    }
+
     // Sanitize the whole $_POST array
     $_POST = $container->get(Validator::class)->sanitize($_POST);
 
@@ -98,6 +105,15 @@
 
         foreach ($_FILES['attachments']['name'] as $index => $name) {
             $file = array_combine(array_keys($_FILES['attachments']), array_column($_FILES['attachments'], $index));
+
+            // Reject non-image MIME types before attempting upload
+            $allowedMimes = ['image/jpeg', 'image/jpg', 'image/gif', 'image/png'];
+            if (!empty($file['type']) && !in_array(strtolower($file['type']), $allowedMimes)) {
+                $URL .= '&return=error12';
+                header("Location: {$URL}");
+                exit;
+            }
+
             $attachment = $fileUploader->uploadAndResizeImage($file, 'streamPhoto', $maxImageSize, 90);
 
             if (!empty($attachment)) {

diff --git a/Stream/version.php b/Stream/version.php
@@ -22,4 +22,4 @@
 /**
  * Sets version information.
  */
-$moduleVersion = '1.2.00';
+$moduleVersion = '1.2.02';