ID: 15886 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Closed +Status: Open Bug Type: Feature/Change Request Operating System: Win2000 (also tested on Linux) -PHP Version: 4.1.1 +PHP Version: 4.2.0 New Comment:
Still remains with 4.2.0 at least on Windows - upload does not terminate until the whole file has been uploaded, even if the file size exceeds all the specified limits. My original idea was: if uploaded file size (i.e. Content-Length) is bigger than any of the limits, immediately terminate the upload without accepting further content. Previous Comments: ------------------------------------------------------------------------ [2002-04-04 07:25:01] [EMAIL PROTECTED] This stuff should be fixed in PHP 4.2.0 (RCs can be found at http://www.php.net/~derick/ ) ------------------------------------------------------------------------ [2002-03-05 15:14:41] [EMAIL PROTECTED] The RFC1867 compatible file upload feature in PHP is odd to use and has some shortcomings. Following are the issues that I would like to be changed (or maybe commented if I have just overlooked something): * Content-length header should be considered. When uploading a file, browsers usually supply a Content-length header with it, indicating the total size of posted data. The upload feature should consider it and compare it to post_max_size and upload_max_filesize configuration settings and maybe also the MAX_FILE_SIZE hidden field present in the form. When Content-length > (smallest of the three), the upload should terminate immediately and some sensible error returned to the user without ever receiving the full file. Also, when someone has played around with the incoming stream, upload should terminate IF content-length is small but the incoming byte stream is larger than the permitted values (i.e. limit is 2MB, and 2MB out of 100MB file has been uploaded, should terminate immediately and not wait until the end of 100MB). * MAX_FILE_SIZE has no effect It is said in the doc that the field is "advisory to the browser", but I have not found out what it is about. At least in case of IE 5.5 and Opera 6.01 it has NO effect. As said above, one application for this variable should be that when accepting an incoming upload, the engine should compare this variable to the value of the Content-length header and immediately terminate upload if Content-length > MAX_FILE_SIZE. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=15886&edit=1