ID: 8700 Updated by: sniper Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Closed Bug Type: Unknown/Other Function Assigned To: Comments: Feedback by: Jon Tai <[EMAIL PROTECTED]> --------------------------------- My best guess is that you're trying to uploading a file bigger than 1000 bytes (only 1k). In my experience, the browser doesn't actually send the file if it's bigger than MAX_FILE_SIZE. In my scripts, I use: <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo ((int) get_cfg_var("upload_max_filesize"))*1024*1024; ?>"> so that MAX_FILE_SIZE is always consistent with what php.ini allows. Previous Comments: --------------------------------------------------------------------------- [2001-01-14 15:14:38] [EMAIL PROTECTED] -- test.php -- <FORM ENCTYPE="multipart/form-data" ACTION="test_upload.php" METHOD=POST> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000"> Send this file: <INPUT NAME="userfile" TYPE="file"> <INPUT TYPE="submit" VALUE="Send File"> </FORM> -- test_upload.php -- <?php if (is_uploaded_file($userfile)) { copy($userfile, "/tmp/testupload"); } else { echo "Possible file upload attack: filename '$userfile'."; } ?> Browser sends file.. but above script reports Possible file upload attack: none everytime you upload a file.. file is not to be found anywhere on the system. --------------------------------------------------------------------------- Full Bug description available at: http://bugs.php.net/?id=8700 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]