Bug #15886 Updated: rfc1867 file uploads should consider Content-length header

2002-04-29 Thread j . kase

 ID:   15886
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
-Status:   Closed
+Status:   Open
 Bug Type: Feature/Change Request
 Operating System: Win2000 (also tested on Linux)
-PHP Version:  4.1.1
+PHP Version:  4.2.0
 New Comment:

Still remains with 4.2.0 at least on Windows - upload does not
terminate until the whole file has been uploaded, even if the file size
exceeds all the specified limits. My original idea was: if uploaded
file size (i.e. Content-Length) is bigger than any of the limits,
immediately terminate the upload without accepting further content.


Previous Comments:


[2002-04-04 07:25:01] [EMAIL PROTECTED]

This stuff should be fixed in PHP 4.2.0 (RCs can be found at
http://www.php.net/~derick/ )




[2002-03-05 15:14:41] [EMAIL PROTECTED]

The RFC1867 compatible file upload feature in PHP is odd to use and has
some shortcomings. Following are the issues that I would like to be
changed (or maybe commented if I have just overlooked something):

* Content-length header should be considered.

When uploading a file, browsers usually supply a Content-length header
with it, indicating the total size of posted data. The upload feature
should consider it and compare it to post_max_size and
upload_max_filesize configuration settings and maybe also the
MAX_FILE_SIZE hidden field present in the form. When Content-length >
(smallest of the three), the upload should terminate immediately and
some sensible error returned to the user without ever receiving the
full file. Also, when someone has played around with the incoming
stream, upload should terminate IF content-length is small but the
incoming byte stream is larger than the permitted values (i.e. limit is
2MB, and 2MB out of 100MB file has been uploaded, should terminate
immediately and not wait until the end of 100MB).

* MAX_FILE_SIZE has no effect

It is said in the doc that the field is advisory to the browser, but
I have not found out what it is about. At least in case of IE 5.5 and
Opera 6.01 it has NO effect. As said above, one application for this
variable should be that when accepting an incoming upload, the engine
should compare this variable to the value of the Content-length header
and immediately terminate upload if Content-length > MAX_FILE_SIZE.





-- 
Edit this bug report at http://bugs.php.net/?id=15886&edit=1
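
The two checks the report asks for, as an added C example that is not part of the thread and not PHP's own code: reject on the declared Content-Length before reading the body, then cap the bytes actually received in case the header understates the size. All names are hypothetical, a limit of 0 is assumed to mean "not configured", and MAX_FILE_SIZE is passed as 0 when it has not been parsed yet.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; all names are hypothetical, not PHP internals.
 * Assumption: a limit of 0 means "not configured". */
enum { UPLOAD_OK, REJECT_DECLARED, REJECT_STREAM };

typedef struct {
    uint64_t limit;    /* smallest configured limit in bytes, 0 = none */
    uint64_t received; /* body bytes accepted so far */
} upload_guard;

/* Lower the limit to v if v is set and smaller than the current one. */
static void tighten(upload_guard *g, uint64_t v)
{
    if (v != 0 && (g->limit == 0 || v < g->limit))
        g->limit = v;
}

/* Check 1, before any body byte is read. content_length < 0 = no header.
 * form_max is the MAX_FILE_SIZE value, 0 if not known yet. */
int guard_begin(upload_guard *g, int64_t content_length,
                uint64_t post_max, uint64_t upload_max, uint64_t form_max)
{
    g->limit = 0;
    g->received = 0;
    tighten(g, post_max);
    tighten(g, upload_max);
    tighten(g, form_max);
    if (g->limit && content_length >= 0 && (uint64_t)content_length > g->limit)
        return REJECT_DECLARED;
    return UPLOAD_OK;
}

/* Check 2, per chunk read from the connection: the declared length is
 * not trusted, so the running total is capped as well. */
int guard_feed(upload_guard *g, uint64_t chunk_len)
{
    if (g->limit && chunk_len > g->limit - g->received) /* no overflow */
        return REJECT_STREAM;
    g->received += chunk_len;
    return UPLOAD_OK;
}

int main(void)
{
    upload_guard g;
    const uint64_t MB = 1024 * 1024;
    printf("declared 100MB: %d\n", guard_begin(&g, 100 * MB, 8 * MB, 2 * MB, 0));
    return 0;
}
```

Content-Length covers the whole multipart body, boundaries and other fields included, so the first check is an upper bound on the file size rather than an exact measure.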




Bug #15886 Updated: rfc1867 file uploads should consider Content-length header

2002-04-04 Thread sniper

 ID:   15886
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
-Status:   Open
+Status:   Closed
 Bug Type: Feature/Change Request
 Operating System: Win2000 (also tested on Linux)
 PHP Version:  4.1.1
 New Comment:

This stuff should be fixed in PHP 4.2.0 (RCs can be found at
http://www.php.net/~derick/ )



Previous Comments:


[2002-03-05 15:14:41] [EMAIL PROTECTED]

The RFC1867 compatible file upload feature in PHP is odd to use and has
some shortcomings. Following are the issues that I would like to be
changed (or maybe commented if I have just overlooked something):

* Content-length header should be considered.

When uploading a file, browsers usually supply a Content-length header
with it, indicating the total size of posted data. The upload feature
should consider it and compare it to post_max_size and
upload_max_filesize configuration settings and maybe also the
MAX_FILE_SIZE hidden field present in the form. When Content-length >
(smallest of the three), the upload should terminate immediately and
some sensible error returned to the user without ever receiving the
full file. Also, when someone has played around with the incoming
stream, upload should terminate IF content-length is small but the
incoming byte stream is larger than the permitted values (i.e. limit is
2MB, and 2MB out of 100MB file has been uploaded, should terminate
immediately and not wait until the end of 100MB).

* MAX_FILE_SIZE has no effect

It is said in the doc that the field is advisory to the browser, but
I have not found out what it is about. At least in case of IE 5.5 and
Opera 6.01 it has NO effect. As said above, one application for this
variable should be that when accepting an incoming upload, the engine
should compare this variable to the value of the Content-length header
and immediately terminate upload if Content-length > MAX_FILE_SIZE.





-- 
Edit this bug report at http://bugs.php.net/?id=15886&edit=1