From: [EMAIL PROTECTED]
Operating system: Win2000 (also tested on Linux)
PHP version: 4.1.1
PHP Bug Type: Feature/Change Request
Bug description: rfc1867 file uploads should consider Content-length header

The RFC1867 compatible file upload feature in PHP is odd to use and has some shortcomings. Following are the issues that I would like to be changed (or maybe commented if I have just overlooked something):

* Content-length header should be considered.
  When uploading a file, browsers usually supply a Content-length header with it, indicating the total size of posted data. The upload feature should consider it and compare it to post_max_size and upload_max_filesize configuration settings and maybe also the MAX_FILE_SIZE hidden field present in the form. When Content-length > (smallest of the three), the upload should terminate immediately and some sensible error returned to the user without ever receiving the full file. Also, when someone has played around with the incoming stream, upload should terminate IF content-length is small but the incoming byte stream is larger than the permitted values (i.e. limit is 2MB, and 2MB out of 100MB file has been uploaded, should terminate immediately and not wait until the end of 100MB).

* MAX_FILE_SIZE has no effect
  It is said in the doc that the field is "advisory to the browser", but I have not found out what it is about. At least in case of IE 5.5 and Opera 6.01 it has NO effect. As said above, one application for this variable should be that when accepting an incoming upload, the engine should compare this variable to the value of the Content-length header and immediately terminate upload if Content-length > MAX_FILE_SIZE.

--
Edit bug report at http://bugs.php.net/?id=15886&edit=1
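
The two checks requested in the report, as an added sketch in Python (not part of the original report and not PHP's engine code): reject on the declared Content-length before reading anything, and stop reading as soon as the stream itself exceeds the limit. The function names, the exception and the sample sizes are assumptions made for illustration, and MAX_FILE_SIZE is taken as already parsed from the form.

```python
import io


class UploadRejected(Exception):
    """Raised as soon as the request is known to exceed the effective limit."""


def effective_limit(post_max_size, upload_max_filesize, max_file_size=None):
    """Smallest of the three values named in the report, in bytes."""
    limits = [post_max_size, upload_max_filesize]
    # MAX_FILE_SIZE comes from the client, so it may lower the limit
    # but must never raise it above the server-side settings.
    if max_file_size is not None and max_file_size > 0:
        limits.append(max_file_size)
    return min(limits)


def receive_body(stream, content_length, limit, chunk_size=8192):
    """Read a request body, enforcing `limit` before and during the transfer."""
    # Check 1: the declared size. Content-length covers the whole posted
    # body, so a value above the limit is rejected before any byte is read.
    if content_length is not None and content_length > limit:
        raise UploadRejected("declared %d bytes, limit is %d" % (content_length, limit))

    # Check 2: the actual size. The header can understate the body, so count
    # bytes while reading and never request more than one byte past the limit.
    received = bytearray()
    while True:
        chunk = stream.read(min(chunk_size, limit + 1 - len(received)))
        if not chunk:
            break
        received += chunk
        if len(received) > limit:
            raise UploadRejected("stream exceeded limit of %d bytes" % limit)
    return bytes(received)


if __name__ == "__main__":
    MB = 1024 * 1024
    limit = effective_limit(8 * MB, 2 * MB, max_file_size=50 * MB)
    # Constructed input: a 5 MB body whose header claims only 1000 bytes.
    body = io.BytesIO(b"x" * (5 * MB))
    try:
        receive_body(body, content_length=1000, limit=limit)
    except UploadRejected as exc:
        print("rejected after", body.tell(), "bytes:", exc)
```
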