ID: 8700
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: Unknown/Other Function
Assigned To:
Comments:
Feedback by: Jon Tai <[EMAIL PROTECTED]>
---------------------------------
My best guess is that you're trying to uploading a file bigger than 1000
bytes (only 1k). In my experience, the browser doesn't actually send the
file if it's bigger than MAX_FILE_SIZE. In my scripts, I use:
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo ((int)
get_cfg_var("upload_max_filesize"))*1024*1024; ?>">
so that MAX_FILE_SIZE is always consistent with what php.ini allows.
Previous Comments:
---------------------------------------------------------------------------
[2001-01-14 15:14:38] [EMAIL PROTECTED]
-- test.php --
<FORM ENCTYPE="multipart/form-data" ACTION="test_upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
-- test_upload.php --
<?php
if (is_uploaded_file($userfile)) {
copy($userfile, "/tmp/testupload");
} else {
echo "Possible file upload attack: filename '$userfile'.";
}
?>
Browser sends file..
but above script reports
Possible file upload attack: none
everytime you upload a file.. file is not to be found anywhere on the system.
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=8700
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
