Re: [PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[David Gebler]

On Wed, Sep 7, 2022 at 10:47 PM Kris Craig  wrote:

> On Wed, Sep 7, 2022 at 11:38 AM juan carlos morales <
> dev.juan.mora...@gmail.com> wrote:
>
> > I looked for a potential problem out of doing such a change but I could
> not
> > find anything.
> >
>
> Then I'd say it's a no-brainer.  The current 2 MB limit is simply outdated
> and needs to be increased to something a little more realistic.
>
> That said, I think 50 MB may be pushing it.  How about 20 MB, instead?
>
>
That's the obvious question; why 50MB? Why not 10, 20 or [fill in the
blank]MB?
I have no objection in principle to increasing the shipped default but
whatever number is picked, most devops/sysadmins are going to change it to
suit their needs. I would classify this as an unnecessary but harmless
change, since you should be tuning your engine configuration in any public
facing deployment anyway.

Re: [PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[G. P. B.]

On Wed, 7 Sept 2022 at 19:37, juan carlos morales <
dev.juan.mora...@gmail.com> wrote:

> By the Way... This needs an RFC right?
>

No it does not.

Best regards,

George P. Banyard

Re: [PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[Ben Ramsey]

On 9/7/22 16:46, Kris Craig wrote:

Lets respect the RFC protocol and wait the specified time to see if someone
else comes with something.

By the Way... This needs an RFC right?



Yes, most definitely.



Does it, though?

It's not a new feature, it's a very small change (lines-of-code-wise), 
and it won't break BC for anyone.


I'd suggest getting feedback from the list and making any changes 
requested. If there's not any major push-back, I don't think this needs 
to go through the RFC process.


Maybe I'm wrong, though. If so, speak up and add some "major push-back" 
to this thread. ;-)


--
Cheers,
Ben


OpenPGP_signature
Description: OpenPGP digital signature

Re: [PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[Kris Craig]

On Wed, Sep 7, 2022 at 11:38 AM juan carlos morales <
dev.juan.mora...@gmail.com> wrote:

> I looked for a potential problem out of doing such a change but I could not
> find anything.
>

Then I'd say it's a no-brainer.  The current 2 MB limit is simply outdated
and needs to be increased to something a little more realistic.

That said, I think 50 MB may be pushing it.  How about 20 MB, instead?


>
> But for sure such a change should be well marked in case is merge.
>
> I did not take look at the PR as that can wait also.
>
> Lets respect the RFC protocol and wait the specified time to see if someone
> else comes with something.
>
> By the Way... This needs an RFC right?
>

Yes, most definitely.

Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling

[Larry Garfield]

On Wed, Sep 7, 2022, at 10:37 AM, Tim Düsterhus wrote:
> Hi
>
> On 9/5/22 23:12, Larry Garfield wrote:
>>> RFC: Improve unserialize() error handling
>>> https://wiki.php.net/rfc/improve_unserialize_error_handling
>>>
>> Well-explained and well-argued.  The only thing I'd add is that we should 
>> consider bumping the E_NOTICE to an E_WARNING, *and* slating it to increase 
>> to an exception in 9.0.  This feels like a smaller BC concern than most, but 
>> people are extra sensitive these days about those edge cases so it's 
>> probably good to be cautious.
>
> Can you please clarify whether you mean:
>
> 1. Change the existing E_WARNING option to "E_WARNING+Exception in 9.0".
> 2. Add a new "E_WARNING+Exception in 9.0" option the vote, such that the 
> vote will be "E_WARNING" vs "E_WARNING+Exception in 9.0" vs "Exception"
>
> Best regards
> Tim Düsterhus

Either I guess?  Honestly we should decide that in advance on the list. :-)  
E_WARNING+Exception in 9 is what I'd probably favor, with "Exception now" as a 
second choice.

--Larry Garfield

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[juan carlos morales]

I looked for a potential problem out of doing such a change but I could not
find anything.

But for sure such a change should be well marked in case is merge.

I did not take look at the PR as that can wait also.

Lets respect the RFC protocol and wait the specified time to see if someone
else comes with something.

By the Way... This needs an RFC right?

Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling

[Tim Düsterhus]

Hi

On 9/5/22 23:12, Larry Garfield wrote:

RFC: Improve unserialize() error handling
https://wiki.php.net/rfc/improve_unserialize_error_handling


Well-explained and well-argued.  The only thing I'd add is that we should 
consider bumping the E_NOTICE to an E_WARNING, *and* slating it to increase to 
an exception in 9.0.  This feels like a smaller BC concern than most, but 
people are extra sensitive these days about those edge cases so it's probably 
good to be cautious.


Can you please clarify whether you mean:

1. Change the existing E_WARNING option to "E_WARNING+Exception in 9.0".
2. Add a new "E_WARNING+Exception in 9.0" option the vote, such that the 
vote will be "E_WARNING" vs "E_WARNING+Exception in 9.0" vs "Exception"


Best regards
Tim Düsterhus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling

[Tim Düsterhus]

Hi

On 9/7/22 14:41, Côme Chilliet wrote:

Le lundi 5 septembre 2022, 19:20:00 CEST Tim Düsterhus a écrit :

RFC: Improve unserialize() error handling
https://wiki.php.net/rfc/improve_unserialize_error_handling


Is the new UnserializationFailedException class extending any other Exception
class ? This is not explained in the RFC.


Yes, it necessarily extends another exception class, because \Throwable 
may only be implemented by \Exception and \Error.


\UnserializationFailedException is a direct child of \Exception:

1. Making it part of the \Error hierarchy was argued against in this 
comment: https://github.com/php/php-src/pull/9185#issuecomment-1199580418


2. Using a different parent class does not bring any benefit, because 
the intended use is to specifically 
catch(\UnserializationFailedException) and not to catch it together with 
unrelated stuff.


I've also added a code block to the RFC that shows the full (and 
trivial) implementation of the \UnserializationFailedException.


Best regards
Tim Düsterhus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

[PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[Ben Ramsey]

On 9/7/22 08:57, Misha wrote:

Hello everyone,

We spend a lot of time to increase limits for uploads file in PHP. Can we
increase it in php.ini?

Current value is 2Mb. Its so small value, when photo image can take 8Mb on
iPhone X.
We should increase it to 50Mb, because DevOps engineers do useless work
trying to change it.

I have prepared PR for it https://github.com/php/php-src/pull/9315

Take a look and approve it please.

Thanks!



DevOps engineers should automate as much as possible and store custom 
php.ini files in configurations so they don’t have to change these 
values each time they launch a new system. ;-)


That said, I don’t have a problem with increasing the limit, but as 
Christoph said, 50MB might be too much, and the actual default values 
should change.


--
Cheers,
Ben


OpenPGP_signature
Description: OpenPGP digital signature

[PHP-DEV] Re: Increase maximum size of an uploaded file to 50Mbyte

[Christoph M. Becker]

On 07.09.2022 at 15:57, Misha wrote:

> We spend a lot of time to increase limits for uploads file in PHP. Can we
> increase it in php.ini?
>
> Current value is 2Mb. Its so small value, when photo image can take 8Mb on
> iPhone X.
> We should increase it to 50Mb, because DevOps engineers do useless work
> trying to change it.
>
> I have prepared PR for it https://github.com/php/php-src/pull/9315

I'm not against increasing the sizes, but 50MB might be too much.

Anyway, only changing the php.ini files doesn't make sense in my
opinion, since they're probably only used on Windows, and they should
reflect the actual default values[1].

[1]


--
Christoph M. Becker

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

[PHP-DEV] Increase maximum size of an uploaded file to 50Mbyte

[Misha]

Hello everyone,

We spend a lot of time to increase limits for uploads file in PHP. Can we
increase it in php.ini?

Current value is 2Mb. Its so small value, when photo image can take 8Mb on
iPhone X.
We should increase it to 50Mb, because DevOps engineers do useless work
trying to change it.

I have prepared PR for it https://github.com/php/php-src/pull/9315

Take a look and approve it please.

Thanks!

-- 
Best regards, Michail

Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling

[Côme Chilliet]

Le lundi 5 septembre 2022, 19:20:00 CEST Tim Düsterhus a écrit :
> RFC: Improve unserialize() error handling
> https://wiki.php.net/rfc/improve_unserialize_error_handling

Is the new UnserializationFailedException class extending any other Exception 
class ? This is not explained in the RFC.

Côme


signature.asc
Description: This is a digitally signed message part.