PHP Bugs  

Bug #40387 MAX_FILE_SIZE erroneous.
Submitted: 7 Feb 2007 2:56pm UTC
Modified: 23 Mar 2007 5:37pm UTC
From: jon at hackcraft dot net
Assigned to:
Status: Closed
Category: Documentation problem
Version: Irrelevant
OS:
Votes: 2
Avg. Score: 3.5 ± 0.5
Reproduced: 2 of 2 (100.0%)
Same Version: 1 (50.0%)
Same OS: 1 (50.0%)

[7 Feb 2007 2:56pm UTC] jon at hackcraft dot net
Description:
------------
At
http://www.php.net/manual/en/features.file-upload.php#features.file-upload.post-method
and equivalent locations in other formats, it is stated
that browsers take the value of a MAX_FILE_SIZE form field into
account.

This information is repeated elsewhere on the web and in books, but
appears to originate from the PHP documentation (it does not appear in
terms of other server-side technologies).

There is nothing in any of the HTML, HTTP or related specs to indicate
that this is the case (in particular RFC 1867 which introduced file
uploads to HTML doesn't mention it, so it isn't even a case of a kludge
that was mentioned in the first RFC and then dropped) nor does it make
sense in the context of the HTML specs (there is nothing to indicate any
relationship between that particular hidden input and the file input).
The only statements about hidden fields I could find in any of them were
warnings in the security considerations sections against user-agents
basing any file-related operations on anything mentioned in a hidden
field.

No browsers appear to perform this as an "extension". Indeed given that
there are potentially other possible meanings for a hidden field with
that name in an application handling several file uploads, it would have
to be considered a design flaw if any did.

I submit that there is no such mechanism in mainstream browsers (if any
at all) and indeed shouldn't be. Reference to it should be dropped from
documentation.

I'd further suggest that since this idea has propagated from this
documentation elsewhere that a note about it not working should be
added.

If a mechanism is required or desired for more rapidly handling this
sort of file handling issue then it requires functionality to allow PHP
to intercept streams being uploaded before request completion, which
would be completely different to how this documentation suggests it
should be dealt with, even if it was true.

[23 Mar 2007 5:37pm UTC] vrana@php.net
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.

"This is an advisory to the browser" deleted.
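
Since the report argues that browsers do not act on MAX_FILE_SIZE, the size limit has to be checked on the server after the upload arrives. The following is an added example, not code from this bug report or the PHP manual; the form field name `userfile`, the constant `MAX_UPLOAD_BYTES` and the function `validate_upload()` are assumptions.

```php
<?php
// Added example. The limit comes from server configuration, never from a
// value the client sends (such as a hidden MAX_FILE_SIZE field).
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // constructed policy value

/**
 * Validate one $_FILES entry against a server-chosen limit.
 * Returns null when the upload is acceptable, otherwise a reason string.
 */
function validate_upload(array $file, int $maxBytes = MAX_UPLOAD_BYTES): ?string
{
    // Array-valued entries come from field names like "f[]"; reject them here.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        return 'malformed upload entry';
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:  // larger than upload_max_filesize in php.ini
        case UPLOAD_ERR_FORM_SIZE: // larger than the MAX_FILE_SIZE sent in the request
            return 'file too large';
        case UPLOAD_ERR_NO_FILE:
            return 'no file sent';
        default:
            return 'upload failed (code ' . (int) $file['error'] . ')';
    }
    // Accept only a temp file that PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    // Measure what is on disk; the request body has already been
    // transferred in full by the time this code runs.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > $maxBytes) {
        return 'file too large';
    }
    return null;
}

// If the body exceeded post_max_size, $_FILES is empty and this is skipped.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['userfile'])) {
    $reason = validate_upload($_FILES['userfile']);
    if ($reason !== null) {
        http_response_code(400);
        exit($reason);
    }
    // The file passed the checks; move_uploaded_file() would go here.
}
```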


PHP Copyright © 2001-2009 The PHP Group
All rights reserved.
Last updated: Sat Nov 21 10:30:49 2009 UTC