ID: 20570
Updated by: [EMAIL PROTECTED]
Reported By: Xuefer at 21cn dot com
-Status: Assigned
+Status: Closed
Bug Type: Documentation problem
Operating System: independency
PHP Version: 4.3.0
Assigned To: nlopess
New Comment:
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.
Thank you for the report, and for helping us make our documentation
better.
I've read all the docs and sources and updated the docs.
I think now everything is clear enough.
Previous Comments:
------------------------------------------------------------------------
[2004-02-29 06:13:25] [EMAIL PROTECTED]
I'll take care of this
------------------------------------------------------------------------
[2003-01-25 21:51:41] [EMAIL PROTECTED]
Still open, more information is needed in these docs regarding all of
this.
------------------------------------------------------------------------
[2003-01-25 20:04:02] Xuefer at 21cn dot com
sorry, there is step 3, php itself does check MAX_FILE_SIZE
if MAX_FILE_SIZE is for script not for php itself, it shouldn't mention
by document
look at these code:
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
if (!strcmp(param, "MAX_FILE_SIZE")) {
max_file_size = atol(value);
}
==========
else if (max_file_size && (total_bytes > max_file_size)) {
sapi_module.sapi_error(E_WARNING, "MAX_FILE_SIZE of %ld bytes
exceeded - file [%s=%s] not saved", max_file_size, param, filename);
cancel_upload = UPLOAD_ERROR_B;
} else if
...........
------------------------------------------------------------------------
[2003-01-25 13:18:54] [EMAIL PROTECTED]
there is no step 3, php itself does not check MAX_FILE_SIZE
(unless your script does)
will add the "user won't have to wait to long" part
------------------------------------------------------------------------
[2002-11-22 08:38:47] Xuefer at 21cn dot com
[quote from php manual
mian>>feature>>handling file uploads]
The MAX_FILE_SIZE hidden field must precede the file input field and
its value is the maximum filesize accepted. The value is in bytes.
[warnning]
warning: The MAX_FILE_SIZE is advisory to the browser. It is easy to
circumvent this maximum. So don't count on it that the browser obeys
you wish! The PHP-settings for maximum-size, however, cannot be fooled.
[/warnning]
[/quote]
it doesn't tell how php check the size
1 year ago I 1st time read it, and re-read it today, finally get what
it means
document should tell more to programmers:
----------
1. user's file size is checked at the beginning of transfer before
upload is done
2. hard limit: file size is check against "PHP-settings for
maximum-size", file which larger will be refused
3. then, soft limit: check against "MAX_FILE_SIZE" if there is one
hidden value before input file field
4. when transfer done, php-script is active, manage to store the
uploaded-file, however, value of MAX_FILE_SIZE easy to circumvent, and
cannot be trust on, your php-script should re-check the uploaded file
size as u wish.
FAQ: u said MAX_FILE_SIZE is untrustable, why we should make use of it?
why not use only php-script to check filesize?
answer: in current php, handling of upload file, scirpt is not active,
thus, cannot check filesize until transfer of upload file is done.
MAX_FILE_SIZE get ability to soft limit the filesize before user have
to wait too long.
----------
this is what i comprehend :)
yes, it's too long, hope u guys can refine it, and put into new version
of phpmanual
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20570&edit=1
