On Wed, 30-01-2002 at 17:39, Bertrand Mansion wrote:
> <[EMAIL PROTECTED]> wrote :
> 
> > On Wed, 30-01-2002 at 10:26, Stig Bakken wrote:
> >> ssb        Wed Jan 30 04:26:25 2002 EDT
> >> 
> >>   Modified files:
> >>     /php4/pear/HTML    Form.php
> >>   Log:
> >>   * XHTML fixes by Hans Westerbeek
> >>   
> >>   
> >> ----
> >> 
> > 
> >> Index: php4/pear/HTML/Form.php
> >> diff -u php4/pear/HTML/Form.php:1.21 php4/pear/HTML/Form.php:1.22
> >>  
> >> @@ -445,30 +445,29 @@
> >>      function displayFile($name, $maxsize = HTML_FORM_MAX_FILE_SIZE,
> >>                           $size = HTML_FORM_TEXT_SIZE, $accept = '')
> >>      {
> >> -        print "<INPUT TYPE=\"file\" NAME=\"$name\" MAXSIZE=\"$maxsize\"
> >> SIZE=\"$size\"";
> >> +        print "<input type=\"file\" name=\"$name\" maxsize=\"$maxsize\"
> >> size=\"$size\"";
> >>          if ($accept) {
> >> -            print " ACCEPT=\"$accept\"";
> >> +            print " accept=\"$accept\"";
> >>          }
> >> -        print ">";
> >> +        print "/>";
> >>  
> >>      }
> >>  
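Review bot: in displayFile(), $name, $maxsize, $size and $accept are interpolated into double-quoted attribute values with no escaping, so a value containing a double quote ends the attribute early and the rest is parsed as markup; since these lines are being rewritten anyway, pass each value through htmlspecialchars() before printing. Two smaller points on the same hunk: the closing print "/>" has no space before the slash, and " />" is the form that older HTML parsers tolerate; and the maxsize attribute is carried over unchanged although it is not an attribute of input in HTML 4 or XHTML 1.0, so an "XHTML fixes" change is a good place to drop it or document why it stays.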
> > 
> > I'm curious about the "maxsize" attrib for setting the max size in a
> > "input file". AFAIK this attrib is not specified in the HTML 4.0 W3
> > Specs and isn't supported by the PHP upload system.
> > 
> > So my question is: for what is that attrib there? :-)
> > 
> > I guess that the only thing to limit the size (which will limit the size
> > for all files) is with a hidden name MAX_FILE_SIZE.
> 
> I am puzzled with file uploads too, for HTML_QuickForm. Setting the
> max_file_size doesn't change anything and it seems that there are
> incompatibilities with Opera browser, at least with version 6.
> 
> Does PHP return an error or a message when the uploaded file is larger than
> max_file_size in the hidden field or larger than the php.ini upload
> parameter ?
> 
> When testing, it seems that the script just ends without notice if uploaded
> file is too large. This way, I can't unfortunately indicate to the user that
> his file is too large.


In a common upload one gets in HTTP_POST_FILES:

userfile => array(
'name' => ..
'tmp_name' => ..
'type' => ..
'size' => ...
)

Previous to 4.1, when the file was too large one got: tmp_name -> 'none'.
But the "name" field was filled, so I was able to say to the user: in the
input type file "userfile" you submitted a file that exceeded the max
permitted size. On the other hand, if the user doesn't submit any file
you get: name -> '', so you could say: you haven't submitted any file in
the input "userfile". Not very intuitive, but it worked fine.

Now in 4.1 if the user exceeded the max size or doesn't submit any file
the HTTP_POST_FILES is empty, so no way to detect what happens.

In the next X release, I heard from Jani that a new entry 'error' will
be filled with new PHP constants (or whatever):

From CVS main/rfc1867.c

/* Errors */
#define UPLOAD_ERROR_A 1  /* Uploaded file exceeded upload_max_filesize */
#define UPLOAD_ERROR_B 2  /* Uploaded file exceeded MAX_FILE_SIZE */
#define UPLOAD_ERROR_C 3  /* Only partially uploaded */
#define UPLOAD_ERROR_D 4  /* No file uploaded */
#define UPLOAD_ERROR_E 5  /* Uploaded file size 0 bytes */

As you can see, in the next release we will be able to get a detailed error
without more tricky work. Cool stuff, Jani.

> Hidden fields are low in terms of security as they can be modified by the user.

Yes, it also limits the developer to setting a single max size for all the
files, plus the fact that it is easily falsifiable, as you say. The easy
solution is to rely only on upload_max_filesize from php.ini or just
restrict the size per file in the page that gets the uploads.

> Could someone point me to resources about file uploads handling in PHP (as
> it also seems there are changes in PHP 4.1). I have RTFM but it didn't help.

The test/error was for me the only way to build HTTP_Upload.


Tomas V.V.Cox

> Bertrand Mansion
> Mamasam
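
Added example (not part of the original message, nor PHP or PEAR code): one way to do the "restrict the size per file in the page that gets the uploads" approach described above, reading the per-file 'error' entry and enforcing an application limit on the server instead of trusting the hidden MAX_FILE_SIZE field. It uses the UPLOAD_ERR_* constant names that PHP later shipped for codes 1 to 4; classify_upload(), $maxBytes and the $isUpload hook are hypothetical names, and the sample entries are constructed.

```php
<?php
// Added example. $maxBytes is an application-chosen per-field limit (assumption).
// $isUpload is a hypothetical test hook; in a web request leave it null so
// is_uploaded_file() is used.
function classify_upload(array $entry, int $maxBytes, ?callable $isUpload = null): string
{
    switch ($entry['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:        break;
        case UPLOAD_ERR_INI_SIZE:  return 'too large (upload_max_filesize)'; // 1
        case UPLOAD_ERR_FORM_SIZE: return 'too large (MAX_FILE_SIZE)';       // 2
        case UPLOAD_ERR_PARTIAL:   return 'only partially uploaded';         // 3
        case UPLOAD_ERR_NO_FILE:   return 'no file submitted';               // 4
        default:                   return 'upload failed';
    }
    $isUpload = $isUpload ?? 'is_uploaded_file';
    if (!$isUpload($entry['tmp_name'])) {
        return 'rejected (tmp_name is not an upload)';
    }
    // The hidden MAX_FILE_SIZE field arrives from the browser, so the limit
    // that counts is checked here against the size measured on disk.
    $bytes = filesize($entry['tmp_name']);
    if ($bytes === false) { return 'upload failed'; }
    if ($bytes === 0) { return 'empty file'; }
    return $bytes > $maxBytes ? 'too large (application limit)' : 'ok';
}

// Constructed sample entries, shaped like $_FILES['userfile'].
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, str_repeat('A', 2048));
$samples = [
    'fits'      => ['name' => 'a.txt', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK],
    'over form' => ['name' => 'b.txt', 'tmp_name' => '',   'error' => UPLOAD_ERR_FORM_SIZE],
    'none'      => ['name' => '',      'tmp_name' => '',   'error' => UPLOAD_ERR_NO_FILE],
];
foreach ($samples as $label => $entry) {
    echo $label, ': ', classify_upload($entry, 4096, 'is_file'), "\n";
}
// Same file, tighter application limit.
echo 'tight limit: ', classify_upload($samples['fits'], 1024, 'is_file'), "\n";
unlink($tmp);
```

The sample run passes 'is_file' only because no real HTTP upload exists on the command line.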



--
PHP Development Mailing List <http://www.php.net/>