ID: 46527 User updated by: krudtaa at yahoo dot com Reported By: krudtaa at yahoo dot com Status: Open Bug Type: Unknown/Other Function Operating System: Win XP PHP Version: 6CVS-2008-11-09 (snap) New Comment:
lbarnaud wrote: "After the script is executed PHP may ensures that all POST data has been read. This avoids breaking the HTTP protocol (in case of keep-alive connections, etc)." I still belive it should be possible to make sure the files are NOT uploaded before the script "bails out". Why not give us, the users of PHP, the possibility to supply a hidden field in the form, if this hidden field is present, then PHP should not let the files be transferred to the server if they are to large, and the developer should be able to test if that was the case in order to act accordingly..... Then it would not break any HTTP protocol and those who does not want the server to handle that extra load can use the hidden field to prevent it.... Previous Comments: ------------------------------------------------------------------------ [2008-11-09 19:21:10] [EMAIL PROTECTED] If the size of the input sent by the client is larger than post_max_size, the POST handler just do not try to "parse" the posted data (which results in no upload hooks, empty $_POST, empty $_FILES, etc). After the script is executed PHP may ensures that all POST data has been read. This avoids breaking the HTTP protocol (in case of keep-alive connections, etc). ------------------------------------------------------------------------ [2008-11-09 09:25:58] krudtaa at yahoo dot com Description: ------------ If you try to upload file(s) to the server and the files are larger than specified in upload_max_filesize and post_max_size then it looks like the files are uploaded to the server. I have tested this on a file that was 100M large and where upload_max_filesize and post_max_size where set to 55M. I see that the time before the script is beeing loaded after submission is approx the same regardless if the uploaded files are larger or smaller than what is specified in upload_max_filesize and post_max_size. It would be nice to see a fix for this issue, since I do not see why the server should use resources on uploading the file(s) if it does not meet the criteria set in upload_max_filesize and post_max_size. I belive PHP should abort the upload immediately when the form is beeing submitted and that it should be possible to detect what the reason for the bailout was in the script. I have tested Arnaud Le Blanc's "Upload progress in sessions" patch which can be found here: http://wiki.php.net/rfc/session_upload_progress When the filesize was to large both the files array is empty and the session variable created by Arnaud's "Upload progress in sessions" are not created. I do not belive Arnaud's patch is the cause for this though, mainly because of the feedback in this thread: http://pecl.php.net/bugs/bug.php?id=9330&edit=1 Hope someone can fix this ASAP both in the upcoming PHP 6.0 version as well as in next versions of PHP 5.3 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=46527&edit=1
