ID: 20570
Updated by: [EMAIL PROTECTED]
Reported By: Xuefer at 21cn dot com
-Status: Open
+Status: Assigned
Bug Type: Documentation problem
Operating System: independency
PHP Version: 4.3.0
-Assigned To:
+Assigned To: nlopess
New Comment:
I'll take care of this
Previous Comments:
------------------------------------------------------------------------
[2003-01-25 21:51:41] [EMAIL PROTECTED]
Still open, more information is needed in these docs regarding all of
this.
------------------------------------------------------------------------
[2003-01-25 20:04:02] Xuefer at 21cn dot com
sorry, there is step 3, php itself does check MAX_FILE_SIZE
if MAX_FILE_SIZE is for script not for php itself, it shouldn't mention
by document
look at these code:
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
if (!strcmp(param, "MAX_FILE_SIZE")) {
max_file_size = atol(value);
}
==========
else if (max_file_size && (total_bytes > max_file_size)) {
sapi_module.sapi_error(E_WARNING, "MAX_FILE_SIZE of %ld bytes
exceeded - file [%s=%s] not saved", max_file_size, param, filename);
cancel_upload = UPLOAD_ERROR_B;
} else if
...........
------------------------------------------------------------------------
[2003-01-25 13:18:54] [EMAIL PROTECTED]
there is no step 3, php itself does not check MAX_FILE_SIZE
(unless your script does)
will add the "user won't have to wait to long" part
------------------------------------------------------------------------
[2002-11-22 08:38:47] Xuefer at 21cn dot com
[quote from php manual
mian>>feature>>handling file uploads]
The MAX_FILE_SIZE hidden field must precede the file input field and
its value is the maximum filesize accepted. The value is in bytes.
[warnning]
warning: The MAX_FILE_SIZE is advisory to the browser. It is easy to
circumvent this maximum. So don't count on it that the browser obeys
you wish! The PHP-settings for maximum-size, however, cannot be fooled.
[/warnning]
[/quote]
it doesn't tell how php check the size
1 year ago I 1st time read it, and re-read it today, finally get what
it means
document should tell more to programmers:
----------
1. user's file size is checked at the beginning of transfer before
upload is done
2. hard limit: file size is check against "PHP-settings for
maximum-size", file which larger will be refused
3. then, soft limit: check against "MAX_FILE_SIZE" if there is one
hidden value before input file field
4. when transfer done, php-script is active, manage to store the
uploaded-file, however, value of MAX_FILE_SIZE easy to circumvent, and
cannot be trust on, your php-script should re-check the uploaded file
size as u wish.
FAQ: u said MAX_FILE_SIZE is untrustable, why we should make use of it?
why not use only php-script to check filesize?
answer: in current php, handling of upload file, scirpt is not active,
thus, cannot check filesize until transfer of upload file is done.
MAX_FILE_SIZE get ability to soft limit the filesize before user have
to wait too long.
----------
this is what i comprehend :)
yes, it's too long, hope u guys can refine it, and put into new version
of phpmanual
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20570&edit=1
