On Saturday 22 September 2007 7:39:01 pm Dan Parry wrote:
> > -----Original Message-----
> > From: Ray [mailto:[EMAIL PROTECTED]
> > Sent: 23 September 2007 02:25
> > To: php-general@lists.php.net
> > Subject: Re: [PHP] MAX_FILE_SIZE not working with file uploads
> >
> > On Saturday 22 September 2007 7:44:55 pm Jeff Cohan wrote:
> > > Dan Parry wrote:
> > > > I might be wrong but this would be classed as
> > > > 'exploitable'... Webservers should not be allowed
> > > > to read from or write to clients... Of course there
> > > > is ActiveX...
> > >
> > > I think we're off the point.
> > >
> > > My script is simply interrogating the value of the
> > > $_FILES[userfile][size] array element. It's coming up as ZERO if it
> > > exceeds the MAX_FILE_SIZE.
> >
> > Exactly, no valid file was uploaded. The size of the valid file is
> > therefore
> > zero.
> >
> > > That seems odd to me.
> > > But maybe that's
> > > the way it's SUPPOSED to work. That's why I started this thread out
> > > with "What am I missing?".
> > >
> > > Said another way:
> > >
> > > It seems that the server had to know the size of the file in order
> > > to know it exceeded MAX_FILE_SIZE. So how can my script find out the
> > > size?
> >
> > Can you use Javascript to check file size client side, send data via
> > AJAX then
> > issue warnings
>
> This would be the exploitable 'feature' I mentioned... Client-side files
> should never be readable
>
> Dan
If the contents of a file were readable, I would definitely agree with you.
I'm not convinced that the ability to detect the filesize of a file that the
user selected would be exploitable, but it's a moot point as it doesn't work
in javascript. (as someone else pointed out, maybe activeX?)
I'm not a javaScript expert, but I am learning, so I dug out the book, and put
together the following script. (Ugly, insecure, and doesn't really do
anything, but quick and It works, at least on my machine/browser combo)
Select a file, and the page will tell you everything It can about the file. My
machine reports size as zero.
Ray
(Script guaranteed to occupy 0 or more bites of diskspace.)
<html>
<head><TITLE>test</TITLE>
<script type="text/javascript">
function uptest()
{
alert (document.test.fileTest.defaultValue);
alert (document.test.fileTest.form);
alert (document.test.fileTest.name);
alert (document.test.fileTest.readOnly);
alert ('size follows');
alert (document.test.fileTest.size);
alert (document.test.fileTest.type);
alert (document.test.fileTest.value);
}
</script>
</head>
<body>
<form name="test" method="post">
File: <input type="file" onchange="uptest()" name="fileTest"/>
</form>
</body>
</html>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
