Add file upload for attachments

modules/middleware/context.go

@@ -323,7 +323,6 @@ func (f *Flash) Success(msg string) {
 // InitContext initializes a classic context for a request.
 func InitContext() martini.Handler {
 	return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
-
 		ctx := &Context{
 			c: c,
 			// p:      p,
@@ -332,7 +331,6 @@ func InitContext() martini.Handler {
 			Cache:  setting.Cache,
 			Render: rd,
 		}
-
 		ctx.Data["PageStartTime"] = time.Now()
 
 		// start session
@@ -374,6 +372,14 @@ func InitContext() martini.Handler {
 			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
 		}
 
+		// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
+		if strings.Contains(r.Header.Get("Content-Type"), "multipart/form-data") {
+			if err = ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil { // 32MB max size
+				ctx.Handle(500, "issue.Comment(ctx.Req.ParseMultipartForm)", err)
+				return
+			}
+		}
+
 		// get or create csrf token
 		ctx.Data["CsrfToken"] = ctx.CsrfToken()
 		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)

modules/setting/setting.go

@@ -74,6 +74,8 @@ var (
 	// Attachment settings.
 	AttachmentPath         string
 	AttachmentAllowedTypes string
+	AttachmentMaxSize      int64
+	AttachmentMaxFiles     int
 
 	// Cache settings.
 	Cache        cache.Cache
@@ -172,6 +174,8 @@ func NewConfigContext() {
 
 	AttachmentPath = Cfg.MustValue("attachment", "PATH", "files/attachments")
 	AttachmentAllowedTypes = Cfg.MustValue("attachment", "ALLOWED_TYPES", "*/*")
+	AttachmentMaxSize = Cfg.MustInt64("attachment", "MAX_SIZE", 32)
+	AttachmentMaxFiles = Cfg.MustInt("attachment", "MAX_FILES", 10)
 
 	if err = os.MkdirAll(AttachmentPath, os.ModePerm); err != nil {
 		log.Fatal("Could not create directory %s: %s", AttachmentPath, err)