ID: 31764 Comment by: wvdm at vodamail dot co dot za Reported By: t dot schoebel at hamburg dot de Status: No Feedback Bug Type: HTTP related Operating System: Debian 3.0 Woody PHP Version: 4.3.10 New Comment:
My php file - It just hangs no error nothing: <?php $prefix="xyz"; $uploadfile = $prefix.basename($_FILES['userfile']['name']); $valid_ref1="http://www.xxxx.co.za/download/uploadF.php";; echo '<pre>'; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; echo POST_FILE_SIZE =(ini_get('post_max_size') +1)."\n"; print_r($_FILES); echo "<script language=\"JavaScript\">\n"; echo "top.location.href = \"$valid_ref1\"\n;></script>"; exit; } else { echo "Possible file upload attack!\n"; echo "Here is some more debugging info:"; print_r($_FILES); } print "</pre>"; ?> and the form: <form enctype="multipart/form-data" action="uploadP.php" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="500000"/> <input type="submit" value="Send File" /> </form> Previous Comments: ------------------------------------------------------------------------ [2005-02-11 01:00:41] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2005-02-03 05:13:12] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2005-01-30 12:57:17] t dot schoebel at hamburg dot de Description: ------------ I'm hosting a costumer, who uses an old script written for php 3.x. If at the same time some visitors uploads an image, apache "crashed". The load average jumps to 50 > an there is no possible to connect to the server via ssh anymore. In the error.log i get i.e. the following messages: [Sat Jan 29 01:35:30 2005] [warn] child process 24784 still did not exit, sending a SIGTERM Reproduce code: --------------- <form ENCTYPE="multipart/form-data" name=info method=post ACTION="page.upload.php"> <table> <tr> <td>Datei:</td> <td> <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"><input name="userfile" type="file" <? echo $styleform3; ?>> <INPUT TYPE="hidden" NAME="code" value="1"><br> <INPUT TYPE="hidden" NAME="user" value="<? echo $user;?>"></td> </tr> ... if (is_uploaded_file ($userfile)){ $dir = "/var/kunden/webs/web1/tmp/"; move_uploaded_file($userfile,$dir.$userfile_name) ; } Expected result: ---------------- When I upload an image, which is more than 100000 bytes big, cause of the html-code <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> it's given, i get an php error, that the script gets no data. Apache breaks the transfer to php, cause the image is bigger then 100000 bytes. Actual result: -------------- If you delete the hmtl-tag <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000"> an add in your script a check, written in php, for the size and may be the type of the file, you won't get an apache "crash". ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31764&edit=1
