RE: [PHP] Files upload - Encrypt into a variable - Do not injectinto db (PHP/Apache/MySQL)

Fri, 18 Mar 2005 09:48:28 -0800 

[code]
<?php

        // Variable-ize all of the attributes of the file object
                $binFile = $_FILES['binFile'];
                $binFile_name = $_FILES['binFile']['name'];
                $binFile_size = $_FILES['binFile']['size'];
                $binFile_type = $_FILES['binFile']['type'];
                $binFile_tmp = $_FILES['binFile']['tmp_name'];
        // Get sender information
                $author = "test";
                $recipient = "test";
        // Tracking information on the file
                $date_submitted = date('Y-m-d H:i:s');
                $txtDescription = "test";
                $binFile_unique =
md5($author.$txtDescription.$binFile_name);
                $email_id = "test";
                
                $data = file_get_contents($binFile_tmp);
                $bytes_in_data = strlen($data);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" enctype="multipart/form-data" method="post" action="">
  <p>
    <input name="binFile" type="file" size="50">
</p>
  <p>
    <input type="submit" name="Submit" value="Submit">
</p>
</form>

<?php echo $bytes_in_data; ?>

</body>
</html>
[/code]

Here is a proof of concept.. I loaded up the nVidia drivers to my default
tmp directory, then echoed out the strlen of the file when opened in
file_get_contents function.  It gave out the correct size.

>From here, I'm just going to see if it encrypts and spits out a different
(or no) number.

-----Original Message-----
From: Marek Kilimajer [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 18, 2005 4:26 AM
To: [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] Files upload - Encrypt into a variable - Do not
injectinto db (PHP/Apache/MySQL)

Steven Altsman wrote:
> Yes, the link is http://www.radinks.com/upload/config.php
> 
> file_uploads = On
> upload_max_filesize = 40M
> max_input_time = 9000 (seconds)
> memory_limit (not limited, per handload config, from source)
> max_execution_time = 9000 (seconds)
> post_max_size = 40M
> 
> also, hidden INPUT tag MAX_FILE_SIZE with value="40000", which I'm
guessing
> needs it in kilobytes.

It's in bytes.

Check apache's config, namely LimitRequestBody directive.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to