PHP :: Bug #8700 :: File upload does not work at all.

Bug #8700	File upload does not work at all.
Submitted:	2001-01-14 15:14 UTC	Modified:	2001-01-14 17:08 UTC
From:	nautica at clanman dot com	Assigned:
Status:	Closed	Package:	Unknown/Other Function
PHP Version:	4.0.4pl1	OS:	Redhat 7.1 with 2.4.0 Kernel
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-01-14 15:14 UTC] nautica at clanman dot com

-- test.php --
<FORM ENCTYPE="multipart/form-data" ACTION="test_upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>

-- test_upload.php --
<?php 
if (is_uploaded_file($userfile)) {
    copy($userfile, "/tmp/testupload");
} else {
    echo "Possible file upload attack: filename '$userfile'.";
}
?>
Browser sends file..
but above script reports 
Possible file upload attack: none
everytime you upload a file.. file is not to be found anywhere on the system.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-01-14 17:08 UTC] sniper@php.net

Feedback by: Jon Tai <jon@tgpsolutions.com>
---------------------------------
My best guess is that you're trying to uploading a file bigger than 1000
bytes (only 1k).  In my experience, the browser doesn't actually send the
file if it's bigger than MAX_FILE_SIZE.  In my scripts, I use:

<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo ((int)
get_cfg_var("upload_max_filesize"))*1024*1024; ?>">

so that MAX_FILE_SIZE is always consistent with what php.ini allows.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Apr 16 02:01:26 2025 UTC