[Wylug-help] PHP file upload problem
Dave Brotherstone
davebrotherstone at gmail.com
Tue May 24 17:38:31 BST 2005
So just put the upload_max_filesize up to whatever the maximum file size is?
Dave.
On 24/05/05, Gary Stainburn <gary.stainburn at ringways.co.uk> wrote:
> I've turned on 'display_startup_errors = On' in php.ini and now I get:
>
> Warning: Max file size of 9000 bytes exceeded - file [userfile] not
> saved in Unknown on line 0
>
> at the top of my output. The file I'm uploading is 34274 bytes long.
> I've got set in the php.ini file:
>
> post_max_size = 8M
> upload_max_filesize = 9000
> file_uploads = on
>
> and I've even tried
> upload_tmp_dir = /tmp/uploads/
>
> having set up the dierectory (it did complain when the permissions were
> wrong)
>
>
> On Monday 23 May 2005 8:21 pm, Dave Brotherstone wrote:
> > Just check that you have file_uploads set to on in your php.ini, and
> > that the maximum size (in php.ini) is bigger than your file
> > (presuming bookmarks.html contains the obvious, it should be). Other
> > than that I can't see anything obvious in the source.
> >
> > Dave.
> >
> > On 23/05/05, Gary Stainburn <gary.stainburn at ringways.co.uk> wrote:
> > > Hi folks.
> > >
> > > I've decided to have a look at writng a page with a file upload
> > > form on it. I've lifted the example form and handler direct from
> > > the PHP docs, and it has worked once.
> > >
> > > However, it now does not work, nor can I get enough info on how to
> > > fix it. Below is the page I'm using, along with the output I'm
> > > getting. The bit that looks dodgy is the tmp_name field.
> > >
> > > <file upload form>
> > >
> > > uploadfile=/var/www/html/stainburn.com/uploads/bookmarks.html
> > >
> > > Possible file upload attack!
> > > Here is some more debugging info:Array
> > > (
> > > [userfile] => Array
> > > (
> > > [name] => bookmarks.html
> > > [type] => text/html
> > > [tmp_name] => none
> > > [size] => 0
> > > )
> > >
> > > )
> > >
> > > <!-- The data encoding type, enctype, MUST be specified as below
> > > --> <form enctype="multipart/form-data" action="/upload.html"
> > > method="POST"> <!-- MAX_FILE_SIZE must precede the file input field
> > > --> <input type="hidden" name="MAX_FILE_SIZE" value="30000" /> <!--
> > > Name of input element determines name in $_FILES array --> Send
> > > this file: <input name="userfile" type="file" />
> > > <input name="submit" type="submit" value="Send File" />
> > > </form>
> > > <?php
> > > // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be
> > > used instead
> > > // of $_FILES.
> > >
> > > $uploaddir = '/var/www/html/stainburn.com/uploads/';
> > > $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
> > >
> > > echo
> > > "uploadfile=$uploadfile<br>tmp_name=".$_FILES['userfile']['tmp_file
> > >name']."<p>"; echo '<pre>';
> > > if (move_uploaded_file($_FILES['userfile']['tmp_name'],
> > > $uploadfile)) { echo "File is valid, and was successfully
> > > uploaded.\n"; } else {
> > > echo "Possible file upload attack!\n";
> > > }
> > >
> > > echo 'Here is some more debugging info:';
> > > print_r($_FILES);
> > >
> > > print "</pre>";
> > >
> > > ?>
> > > --
> > > Gary Stainburn
> > >
> > > This email does not contain private or confidential material as it
> > > may be snooped on by interested government parties for unknown
> > > and undisclosed purposes - Regulation of Investigatory Powers Act,
> > > 2000
> > >
> > > _______________________________________________
> > > Wylug-help mailing list
> > > Wylug-help at wylug.org.uk
> > > http://mailman.lug.org.uk/mailman/listinfo/wylug-help
>
> --
> Gary Stainburn
>
> This email does not contain private or confidential material as it
> may be snooped on by interested government parties for unknown
> and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help at wylug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/wylug-help
>
>
More information about the Wylug-help
mailing list