Re: [PHP] uploads

2007-05-02 Thread Richard Lynch
On Sun, April 29, 2007 4:35 pm, jekillen wrote:
> can someone point me to a system for cleaning
> uploaded files; embedded php scripts in image
> files, viruses etc, shell escape chars, anything
> that would be hazardous?
> The idea is when a file is uploaded, as soon
> as it gets to the server it is inspected, cleaned/rejected
> before it is used or sent anywhere else on the server.
> I am using php to upload anything that would be sent
> in an e-mail attachment. Once the files have been
> 'sanitized' they would be made available for display.

What you are asking for is a "blacklist" of all known viruses...

At that point, you'd want to run something huge like clam-av and/or
spamassassin and/or a generic anti-virus software.

For *most* PHP web applications, what you REALLY want is a very very
very limited allowed set of "whitelist" of kinds of files to upload --
like only images and PDFs.

If that's what you actually want, it's better to try to check that the
uploaded files *ARE* images or PDFs, than it is to try to rule out
every possible virus ever invented...

I.e., a security "whitelist" approach is almost always better than a
"blacklist" approach.

Of course, if you are writing a generic email client type application,
then, yes, you have to go with a generic anti-virus tool like clam-av
or whatever.

It almost-for-sure won't actually be in PHP, and you'll probably have
to use http://php.net/exec, and you may even need to re-think the
general architecture so that the inbound email gets put into some kind
of normal mail queue, and then scrubbed, and then passed into some
kind of normal IMAP mailbox, and then PHP reads the IMAP mailbox, with
PHP taking a "hands off" approach to the actual scrubbing.

At least, that's the way *I* would do it.  Errr, am doing it.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
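
The allow-list approach described in the reply above, as an added example that is not part of the original message: accept a file only if its content is recognised as one of a few permitted types, and store it under a server-chosen name. `ALLOWED`, `classify_upload()` and `safe_name()` are hypothetical names, the sample inputs are constructed, and the code assumes PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example: allow-list check of an upload by content, not by client name.
// ALLOWED, classify_upload() and safe_name() are hypothetical names.
const ALLOWED = [                 // sniffed MIME type => extension we store under
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'image/gif'       => 'gif',
    'application/pdf' => 'pdf',
];

/** Return the storage extension if the content is on the allow-list, else null. */
function classify_upload(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);   // from bytes, not name
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        return null;                                        // unknown means rejected
    }
    if (strpos($mime, 'image/') === 0) {                    // header must also parse
        $info = @getimagesize($path);
        if ($info === false || $info['mime'] !== $mime) {
            return null;
        }
    }
    return ALLOWED[$mime];
}

/** Server-generated name; the client's filename and extension are never used. */
function safe_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples (client name => bytes): a minimal PNG header, a script
// carrying an image name, and a minimal PDF header.
$samples = [
    'photo.png'   => "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
                     . pack('NNC5', 1, 1, 8, 6, 0, 0, 0),
    'holiday.jpg' => "<?php echo 'hello'; ?>",
    'report.pdf'  => "%PDF-1.4\n%%EOF\n",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = classify_upload($tmp);
    echo $clientName, ' => ',
         $ext === null ? 'rejected' : 'store as ' . safe_name($ext), "\n";
    unlink($tmp);
}
```

In an upload handler the same check runs on `$_FILES[...]['tmp_name']` after `is_uploaded_file()`, and the file is then moved with `move_uploaded_file()` to a directory the web server does not execute scripts from. A type check of this kind does not replace the anti-virus scan the reply recommends for generic attachments.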



Re: [PHP] uploads

2007-04-29 Thread Tijnema !

On 4/29/07, jekillen <[EMAIL PROTECTED]> wrote:
> Hello again;
> can someone point me to a system for cleaning
> uploaded files; embedded php scripts in image
> files, viruses etc, shell escape chars, anything
> that would be hazardous?
> The idea is when a file is uploaded, as soon
> as it gets to the server it is inspected, cleaned/rejected
> before it is used or sent anywhere else on the server.
> I am using php to upload anything that would be sent
> in an e-mail attachment. Once the files have been
> 'sanitized' they would be made available for display.
> Thanks in advance;
> Jeff k



What's your platform? Windows or Linux?

Tijnema




Re: [PHP] uploads work sometimes

2002-07-12 Thread Jason Wong

On Friday 12 July 2002 03:27, Tyler Longren wrote:
> Hi,
>
> I have a form:
> 
>
> And the code that processes the form:
> if ($_FILES['pdfFile']['name'] == "") {
>   print "You must select a file to upload";
> }
> else {
>   // code to add data to db
> }
>
> This works on my server at home (when I select a file to upload, it sees
> the filename in $_FILES['pdfFile']['name'], but on a server at work,
> it's blank so I see the error "You must select a file to upload".
>
> Any ideas on why this might happen?  Is there anything in php.ini that
> could be wrong (it works here at home when register_globals is set to on
> or off)?

What would help is what version(s) of php are you using?

Things to check:

If php < 4.1.X then $_FILES[] is not available, use $HTTP_POST_FILES[],

If upload fails for any reason then (I believe), $_FILES['pdfFile']['name'] 
would be empty. So:

php.ini --> upload enabled? Are the other settings governing uploads set to 
reasonable values? Check manual > Handling file uploads > Common Pitfalls to 
see what these settings are.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Machines that have broken down will work perfectly when the repairman arrives.
*/
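
The checks listed in the reply above, as an added example that is not part of the original message: a function that reports why an upload field arrived empty or failed. `diagnose_upload()` and `to_bytes()` are hypothetical helpers and the inputs are constructed; the code assumes PHP 7 or later (the `error` key of `$_FILES` exists from PHP 4.2.0 on).

```php
<?php
// Added example: explain why $_FILES['pdfFile'] is empty or failed.
// diagnose_upload() and to_bytes() are hypothetical helpers.

/** Convert php.ini shorthand such as "8M" or "2G" to bytes. */
function to_bytes(string $v): int
{
    $n = (int) $v;
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': $n *= 1024;   // fall through
        case 'M': $n *= 1024;   // fall through
        case 'K': $n *= 1024;
    }
    return $n;
}

function diagnose_upload(string $field, array $files, array $server, array $ini): string
{
    if (!filter_var($ini['file_uploads'], FILTER_VALIDATE_BOOLEAN)) {
        return 'file_uploads is off in php.ini';
    }
    $len = (int) ($server['CONTENT_LENGTH'] ?? 0);
    if (!isset($files[$field])) {
        // Body larger than post_max_size: PHP leaves $_POST and $_FILES empty.
        if ($len > to_bytes($ini['post_max_size'])) {
            return "request body ($len bytes) exceeds post_max_size";
        }
        return 'no file part: check enctype="multipart/form-data" and field name';
    }
    switch ($files[$field]['error']) {
        case UPLOAD_ERR_OK:        return 'ok';
        case UPLOAD_ERR_INI_SIZE:  return 'file exceeds upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'file exceeds MAX_FILE_SIZE from the form';
        case UPLOAD_ERR_PARTIAL:   return 'upload was interrupted';
        case UPLOAD_ERR_NO_FILE:   return 'no file was selected';
        default:                   return 'server-side temp file problem';
    }
}

// Constructed inputs; a real handler passes $_FILES, $_SERVER and ini_get() values.
$ini = ['file_uploads' => '1', 'upload_max_filesize' => '2M', 'post_max_size' => '8M'];
echo diagnose_upload('pdfFile', [], ['CONTENT_LENGTH' => '9000000'], $ini), "\n";
echo diagnose_upload('pdfFile',
    ['pdfFile' => ['name' => '', 'error' => UPLOAD_ERR_INI_SIZE]],
    ['CONTENT_LENGTH' => '3000000'], $ini), "\n";
```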






Re: [PHP] Uploads

2002-01-21 Thread Bogdan Stancescu

Ok, I've run into this myself. Two possible reasons:
1. PHP
2. MySQL

NOT POSSIBLE REASON: execution time. You only get to execution time after
uploading the data, so that doesn't count - you may take long to send the actual
file, not afterwards.

Ok, the two possibilities:
1. PHP
php.ini, as you suggested may be the problem (i.e. you don't allow PHP to use
more than 6 megs memory, so it can't store the larger-than-6-megs file you
upload). However, the default PHP setting is 8 MB in this regard, so you
shouldn't have problems at 6 megs.

2. MySQL
If you use MySQL then there's a limit for query size - I suppose you _do_
something with that file, and since that usually is storing it into a database
and the general database system of choice is MySQL, I think my suggestion is not
as far fetched as it may prove to be in the end. (too long a phrase, huh?) So,
if that's the case, you should check this out:

You can also get these errors if you send a query to the server that is
incorrect or too large. If mysqld gets a packet that is too large or out of
order, it assumes that something has gone wrong with the client and closes the
connection. If you need big queries (for example, if you are working with big
BLOB columns), you can increase the query limit by starting mysqld with the -O
max_allowed_packet=# option (default 1M). The extra memory is allocated on
demand, so mysqld will use more memory only when you issue a big query or when
mysqld must return a big result row!
-

Bogdan

Ronald Tezuka wrote:

> If anyone can help me out, that'd be greatly appreciated.  I'm trying to
> create an upload form.  Now I've checked both in books and online, and maybe
> it's because I'm trying a weird application, but I can't seem to get uploads
> greater than 6 megs.  If it is greater than 6 megs, it loads up a blank page
> even if I have the PHP script that outputs an HTML file.  Anyway I checked
> online when I first did this and figured out to increase the max value
> in the php.ini file from 2 megs to much higher.  I'm still having trouble
> though.
> Here's what I am using
> Omnihttpd 2.09
> PHP 4.02
> Windows 98 (4.10.1998)
> and IE 4.72.3110
> So if anyone knows why I can't upload files greater than 6 megs
> (approximate) it'd be greatly appreciated if you'd help me.  Thanks
>
> Ron


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Uploads

2002-01-21 Thread Jason Wong

On Tuesday 22 January 2002 07:35, Ronald Tezuka wrote:
> I've got it set to 100 megs for both the browser and the php.ini file, I
> just set a really high limit as not to come close to the files I am trying
> to upload.  However it still seems to load up a blank page and doesn't
> upload the file if greater than 6 megs.

Did you restart the webserver after changing the settings?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

/*
I can hire one half of the working class to kill the other half.
-- Jay Gould
*/





Re: [PHP] Uploads

2002-01-21 Thread Ronald Tezuka

I've got it set to 100 megs for both the browser and the php.ini file, I 
just set a really high limit as not to come close to the files I am trying 
to upload.  However it still seems to load up a blank page and doesn't 
upload the file if greater than 6 megs.

Ron


>From: "Dennis Moore" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: [PHP] Uploads
>Date: Mon, 21 Jan 2002 18:23:25 -0500
>
>make sure you set the max_file_size in your form.
>
>ie 
>
>or set it in your php.ini or .htaccess file.
>
>/dkm
>
>- Original Message -
>From: "Ronald Tezuka" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Monday, January 21, 2002 5:50 PM
>Subject: [PHP] Uploads
>
>
> > If anyone can help me out, that'd be greatly appreciated.  I'm trying to
> > create an upload form.  Now I've checked both in books and online, and maybe
> > it's because I'm trying a weird application, but I can't seem to get uploads
> > greater than 6 megs.  If it is greater than 6 megs, it loads up a blank page
> > even if I have the PHP script that outputs an HTML file.  Anyway I checked
> > online when I first did this and figured out to increase the max value
> > in the php.ini file from 2 megs to much higher.  I'm still having trouble
> > though.
> > Here's what I am using
> > Omnihttpd 2.09
> > PHP 4.02
> > Windows 98 (4.10.1998)
> > and IE 4.72.3110
> > So if anyone knows why I can't upload files greater than 6 megs
> > (approximate) it'd be greatly appreciated if you'd help me.  Thanks
> >
> > Ron








Re: [PHP] Uploads

2002-01-21 Thread Ronald Tezuka

Okay, I changed the max execution time from 30 seconds to 3000 seconds
(approximately 50 minutes).  It still happens though.  Is there a client side
timeout (browser) that I need to change?  I couldn't find any sort of option
like that in Internet Explorer.

Ron


>From: "Jim Lucas [php]" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: [PHP] Uploads
>Date: Mon, 21 Jan 2002 15:01:37 -0800
>
>make sure you increase your script timeout limit.
>Jim Lucas
>- Original Message -
>From: "Ronald Tezuka" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Monday, January 21, 2002 2:50 PM
>Subject: [PHP] Uploads
>
>
> > If anyone can help me out, that'd be greatly appreciated.  I'm trying to
> > create an upload form.  Now I've checked both in books and online, and maybe
> > it's because I'm trying a weird application, but I can't seem to get uploads
> > greater than 6 megs.  If it is greater than 6 megs, it loads up a blank page
> > even if I have the PHP script that outputs an HTML file.  Anyway I checked
> > online when I first did this and figured out to increase the max value
> > in the php.ini file from 2 megs to much higher.  I'm still having trouble
> > though.
> > Here's what I am using
> > Omnihttpd 2.09
> > PHP 4.02
> > Windows 98 (4.10.1998)
> > and IE 4.72.3110
> > So if anyone knows why I can't upload files greater than 6 megs
> > (approximate) it'd be greatly appreciated if you'd help me.  Thanks
> >
> > Ron








Re: [PHP] Uploads

2002-01-21 Thread Dennis Moore

make sure you set the max_file_size in your form.

   ie 

or set it in your php.ini or .htaccess file.

/dkm

- Original Message -
From: "Ronald Tezuka" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 21, 2002 5:50 PM
Subject: [PHP] Uploads


> If anyone can help me out, that'd be greatly appreciated.  I'm trying to
> create an upload form.  Now I've checked both in books and online, and maybe
> it's because I'm trying a weird application, but I can't seem to get uploads
> greater than 6 megs.  If it is greater than 6 megs, it loads up a blank page
> even if I have the PHP script that outputs an HTML file.  Anyway I checked
> online when I first did this and figured out to increase the max value
> in the php.ini file from 2 megs to much higher.  I'm still having trouble
> though.
> Here's what I am using
> Omnihttpd 2.09
> PHP 4.02
> Windows 98 (4.10.1998)
> and IE 4.72.3110
> So if anyone knows why I can't upload files greater than 6 megs
> (approximate) it'd be greatly appreciated if you'd help me.  Thanks
>
> Ron






Re: [PHP] Uploads

2002-01-21 Thread Jim Lucas [php]

make sure you increase your script timeout limit.
Jim Lucas
- Original Message -
From: "Ronald Tezuka" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 21, 2002 2:50 PM
Subject: [PHP] Uploads


> If anyone can help me out, that'd be greatly appreciated.  I'm trying to
> create an upload form.  Now I've checked both in books and online, and maybe
> it's because I'm trying a weird application, but I can't seem to get uploads
> greater than 6 megs.  If it is greater than 6 megs, it loads up a blank page
> even if I have the PHP script that outputs an HTML file.  Anyway I checked
> online when I first did this and figured out to increase the max value
> in the php.ini file from 2 megs to much higher.  I'm still having trouble
> though.
> Here's what I am using
> Omnihttpd 2.09
> PHP 4.02
> Windows 98 (4.10.1998)
> and IE 4.72.3110
> So if anyone knows why I can't upload files greater than 6 megs
> (approximate) it'd be greatly appreciated if you'd help me.  Thanks
>
> Ron

