[Wylug-help] PHP file upload problem
Gary Stainburn
gary.stainburn at ringways.co.uk
Tue May 24 11:04:27 BST 2005
I've turned on 'display_startup_errors = On' in php.ini and now I get:
Warning: Max file size of 9000 bytes exceeded - file [userfile] not
saved in Unknown on line 0
at the top of my output. The file I'm uploading is 34274 bytes long.
I've got set in the php.ini file:
post_max_size = 8M
upload_max_filesize = 9000
file_uploads = on
and I've even tried
upload_tmp_dir = /tmp/uploads/
having set up the dierectory (it did complain when the permissions were
wrong)
On Monday 23 May 2005 8:21 pm, Dave Brotherstone wrote:
> Just check that you have file_uploads set to on in your php.ini, and
> that the maximum size (in php.ini) is bigger than your file
> (presuming bookmarks.html contains the obvious, it should be). Other
> than that I can't see anything obvious in the source.
>
> Dave.
>
> On 23/05/05, Gary Stainburn <gary.stainburn at ringways.co.uk> wrote:
> > Hi folks.
> >
> > I've decided to have a look at writng a page with a file upload
> > form on it. I've lifted the example form and handler direct from
> > the PHP docs, and it has worked once.
> >
> > However, it now does not work, nor can I get enough info on how to
> > fix it. Below is the page I'm using, along with the output I'm
> > getting. The bit that looks dodgy is the tmp_name field.
> >
> > <file upload form>
> >
> > uploadfile=/var/www/html/stainburn.com/uploads/bookmarks.html
> >
> > Possible file upload attack!
> > Here is some more debugging info:Array
> > (
> > [userfile] => Array
> > (
> > [name] => bookmarks.html
> > [type] => text/html
> > [tmp_name] => none
> > [size] => 0
> > )
> >
> > )
> >
> > <!-- The data encoding type, enctype, MUST be specified as below
> > --> <form enctype="multipart/form-data" action="/upload.html"
> > method="POST"> <!-- MAX_FILE_SIZE must precede the file input field
> > --> <input type="hidden" name="MAX_FILE_SIZE" value="30000" /> <!--
> > Name of input element determines name in $_FILES array --> Send
> > this file: <input name="userfile" type="file" />
> > <input name="submit" type="submit" value="Send File" />
> > </form>
> > <?php
> > // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be
> > used instead
> > // of $_FILES.
> >
> > $uploaddir = '/var/www/html/stainburn.com/uploads/';
> > $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
> >
> > echo
> > "uploadfile=$uploadfile<br>tmp_name=".$_FILES['userfile']['tmp_file
> >name']."<p>"; echo '<pre>';
> > if (move_uploaded_file($_FILES['userfile']['tmp_name'],
> > $uploadfile)) { echo "File is valid, and was successfully
> > uploaded.\n"; } else {
> > echo "Possible file upload attack!\n";
> > }
> >
> > echo 'Here is some more debugging info:';
> > print_r($_FILES);
> >
> > print "</pre>";
> >
> > ?>
> > --
> > Gary Stainburn
> >
> > This email does not contain private or confidential material as it
> > may be snooped on by interested government parties for unknown
> > and undisclosed purposes - Regulation of Investigatory Powers Act,
> > 2000
> >
> > _______________________________________________
> > Wylug-help mailing list
> > Wylug-help at wylug.org.uk
> > http://mailman.lug.org.uk/mailman/listinfo/wylug-help
--
Gary Stainburn
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
More information about the Wylug-help
mailing list