From: john dot peterson10 at gmail dot com Operating system: Windows PHP version: 5.2.12 PHP Bug Type: Feature/Change Request Bug description: Don't count 0-bytes files towards the max_file_uploads limit
Description: ------------ Suggestion: Don't count 0-bytes files (that comes from <input type="file"> elements that don't have any file specified) towards the max_file_uploads limit. (And don't create a blank temporary file for them to avoid the problems with file-system overload mentioned in CVE-2009-4017.) Reason for suggestion: That way a small limit for max_file_uploads will cause less website restrictions. For example: I have seen some designs with lists of 40 or 50 rows where every row has a <input type="file"> for the sake of the design of the page. But where typically only one or two files are submitted in a POST because the majority of the <input type="file"> elements has no file specified. Currently all these designs will be limited (to for example 20 rows with the default settings) because even 0-byte files count towards the max_file_uploads limit. Issues with suggestion: The site will need javascript to control the rare exception where more than for example 20 <input type="file"> has a value before submit. But that should not be a big problem. Reproduce code: --------------- HTML POST request with <input type="file"> elements where the value is blank (no file specified) so that $_FILES[#]['size'] is 0 (and $_FILES[#]['tmp_name'] is blank). Expected result: ---------------- <input type="file"> elements where no file is specified doesn't count towards the max_file_uploads limit Actual result: -------------- <input type="file"> elements where no file is specified counts towards the max_file_uploads limit -- Edit bug report at http://bugs.php.net/?id=50692&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50692&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50692&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50692&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50692&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50692&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50692&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50692&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50692&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50692&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50692&r=support Expected behavior: http://bugs.php.net/fix.php?id=50692&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50692&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50692&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50692&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50692&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=50692&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50692&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50692&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50692&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50692&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50692&r=mysqlcfg
