From:             stephen dot ball at gmail dot com
Operating system: Windows XP Professional SP2
PHP version:      4.3.11
PHP Bug Type:     Apache2 related
Bug description:  Super global arrays empty on large file upload

Description:
------------
When selecting a file to upload, files which are massively larger than the
upload limit cause the superglobal arrays $_POST, $_GET, $_REQUEST and
$_FILES to be empty.

Reproduce code:
---------------
form.html
<form enctype="multipart/form-data" action="upload.php" method="POST">
    <input type="hidden" name="test" value="value" />
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

upload.php
<?php
print_r($_POST);
print_r($_REQUEST);

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
} else {
   echo "Possible file upload attack!\n";
}

print "</pre>";

?> 

Expected result:
----------------
array("test" => "value")
array("test" => "value")
Possible file upload attack! (due to the fact that the file is too large)

Actual result:
--------------
array()
array()
Possible file upload attack!

-- 
Edit bug report at http://bugs.php.net/?id=33730&edit=1
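
An added example, not part of the original report and not PHP project code: a variant of upload.php that tells an oversized request apart from a failed move_uploaded_file(). It assumes the limit being exceeded is PHP's post_max_size directive; the helper names ini_size_to_bytes and post_body_was_discarded are hypothetical.

```php
<?php
// Added example (assumption: the exceeded limit is post_max_size).

// Convert a php.ini shorthand size ("8M", "512K", "1G") to bytes.
function ini_size_to_bytes($value)
{
    $value  = trim($value);
    $number = (int) $value;               // "8M" casts to 8
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024;        // fall through
        case 'm': $number *= 1024;        // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// True when the body was larger than the limit and PHP left $_POST and
// $_FILES empty, i.e. the situation shown under "Actual result".
function post_body_was_discarded($server, $post, $files, $limit)
{
    $method = isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : '';
    $length = isset($server['CONTENT_LENGTH']) ? (int) $server['CONTENT_LENGTH'] : 0;
    return $method === 'POST'
        && $limit > 0                     // 0 means no limit is configured
        && $length > $limit
        && count($post) === 0
        && count($files) === 0;
}

$limit = ini_size_to_bytes(ini_get('post_max_size'));
if (post_body_was_discarded($_SERVER, $_POST, $_FILES, $limit)) {
    // Oversized request: say so instead of reporting an upload attack.
    header('HTTP/1.1 413 Request Entity Too Large');
    echo "Upload rejected: request body exceeds post_max_size ($limit bytes).\n";
    exit;
}

// Body was parsed; per-file failures are reported in the 'error' field.
$file = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK) {
    $code = $file === null ? UPLOAD_ERR_NO_FILE : $file['error'];
    echo "Upload failed, error code $code\n";
    exit;
}
$uploadfile = '/var/www/uploads/' . basename($file['name']);
if (move_uploaded_file($file['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}
```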