[Wylug-help] PHP file upload problem
Gary Stainburn
gary.stainburn at ringways.co.uk
Tue May 24 11:51:14 BST 2005
The problem turned out to be the MAX_FILE_SIZE in the form and not the
value in the php.ini file.
It turns out that although Mozilla Firefox ignored it and uploaded the
file, PHP then rejected it.
Having now set reasonable size in both places it now works a treat.
Gary
On Tuesday 24 May 2005 11:29 am, you wrote:
> Have you tried:
> upload_max_filesize = 8M ( or even 35000)
> ?
>
> On Tue, 24 May, Gary Stainburn wrote:
> > I've turned on 'display_startup_errors = On' in php.ini and now I
> > get:
> >
> > Warning: Max file size of 9000 bytes exceeded - file [userfile] not
> > saved in Unknown on line 0
> >
> > at the top of my output. The file I'm uploading is 34274 bytes
> > long. I've got set in the php.ini file:
> >
> > post_max_size = 8M
> > upload_max_filesize = 9000
> > file_uploads = on
> >
> > and I've even tried
> > upload_tmp_dir = /tmp/uploads/
> >
> > having set up the dierectory (it did complain when the permissions
> > were wrong)
> >
> > On Monday 23 May 2005 8:21 pm, Dave Brotherstone wrote:
> > > Just check that you have file_uploads set to on in your php.ini,
> > > and that the maximum size (in php.ini) is bigger than your file
> > > (presuming bookmarks.html contains the obvious, it should be).
> > > Other than that I can't see anything obvious in the source.
> > >
> > > Dave.
> > >
> > > On 23/05/05, Gary Stainburn <gary.stainburn at ringways.co.uk> wrote:
> > > > Hi folks.
> > > >
> > > > I've decided to have a look at writng a page with a file upload
> > > > form on it. I've lifted the example form and handler direct
> > > > from the PHP docs, and it has worked once.
> > > >
> > > > However, it now does not work, nor can I get enough info on how
> > > > to fix it. Below is the page I'm using, along with the output
> > > > I'm getting. The bit that looks dodgy is the tmp_name field.
> > > >
> > > > <file upload form>
> > > >
> > > > uploadfile=/var/www/html/stainburn.com/uploads/bookmarks.html
> > > >
> > > > Possible file upload attack!
> > > > Here is some more debugging info:Array
> > > > (
> > > > [userfile] => Array
> > > > (
> > > > [name] => bookmarks.html
> > > > [type] => text/html
> > > > [tmp_name] => none
> > > > [size] => 0
> > > > )
> > > >
> > > > )
> > > >
> > > > <!-- The data encoding type, enctype, MUST be specified as
> > > > below --> <form enctype="multipart/form-data"
> > > > action="/upload.html" method="POST"> <!-- MAX_FILE_SIZE must
> > > > precede the file input field --> <input type="hidden"
> > > > name="MAX_FILE_SIZE" value="30000" /> <!-- Name of input
> > > > element determines name in $_FILES array --> Send this file:
> > > > <input name="userfile" type="file" />
> > > > <input name="submit" type="submit" value="Send File" />
> > > > </form>
> > > > <?php
> > > > // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should
> > > > be used instead
> > > > // of $_FILES.
> > > >
> > > > $uploaddir = '/var/www/html/stainburn.com/uploads/';
> > > > $uploadfile = $uploaddir .
> > > > basename($_FILES['userfile']['name']);
> > > >
> > > > echo
> > > > "uploadfile=$uploadfile<br>tmp_name=".$_FILES['userfile']['tmp_
> > > >file name']."<p>"; echo '<pre>';
> > > > if (move_uploaded_file($_FILES['userfile']['tmp_name'],
> > > > $uploadfile)) { echo "File is valid, and was successfully
> > > > uploaded.\n"; } else {
> > > > echo "Possible file upload attack!\n";
> > > > }
> > > >
> > > > echo 'Here is some more debugging info:';
> > > > print_r($_FILES);
> > > >
> > > > print "</pre>";
> > > >
> > > > ?>
> > > > --
> > > > Gary Stainburn
> > > >
> > > > This email does not contain private or confidential material as
> > > > it may be snooped on by interested government parties for
> > > > unknown and undisclosed purposes - Regulation of Investigatory
> > > > Powers Act, 2000
> > > >
> > > > _______________________________________________
> > > > Wylug-help mailing list
> > > > Wylug-help at wylug.org.uk
> > > > http://mailman.lug.org.uk/mailman/listinfo/wylug-help
--
Gary Stainburn
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
More information about the Wylug-help
mailing list