php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18581 Uploaded Files Incorrectly assumed to exist
Submitted: 2002-07-25 22:41 UTC Modified: 2002-07-25 22:50 UTC
From: alexis at mvs dot com Assigned:
Status: Closed Package: *General Issues
PHP Version: 4.2.2 OS: Solaris 7 / RH Linux 7.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2002-07-25 22:41 UTC] alexis at mvs dot com 
In previous versions of PHP (before 4.2.2) when a form was submited containing an <input type="file"> field, if the browsed file size was 0 or if the file specified in the field didn't exist on the submitter's disk, the file name was reported "none" and no temporary file was created on the Server.  

I tried this with the following script in PHP 4.1.2 and PHP 4.2.2 both running in Solaris 7 Boxes with Apache 1.3  The file name of the script is "file_problem.php".

<?
if ($_REQUEST["answered"] == "ok") {
  echo "<pre>";
    echo $_SERVER["SERVER_SOFTWARE"] . "\n\n";
    echo "These are the contents of the \$_FILES array :: \n";
    print_r($_FILES);
  echo "</pre>";
  
} else {
?>

<form name="forma" action="file_problem.php" method="post"  ENCTYPE="multipart/form-data">
  <input type="file" name="userfile">
  <input type="hidden" name="answered" value="ok">
  <input type="submit">
</form>

<?}?>


***** When we click on the browse button and select a file from our localdisk this is returned in PHP 4.2.2 :

Apache/1.3.26 (Unix) PHP/4.2.2
These are the contents of the $_FILES array :: 
Array
(
    [userfile] => Array
        (
            [name] => fetuccinni.jpg
            [type] => image/pjpeg
            [tmp_name] => /var/tmp/phpHaaagK
            [error] => 0
            [size] => 12385
        )

)

***** Looks somewhat different to PHP 4.1.2 because of the "error" field but works fine.

Apache/1.3.24 (Unix) PHP/4.1.2
These are the contents of the $_FILES array :: 
Array
(
    [userfile] => Array
        (
            [name] => ellago.jpg
            [type] => image/pjpeg
            [tmp_name] => /var/tmp/phpenaW3e
            [size] => 10443
        )

)

****  When we browse a 0 byte file or type in a bogus file name in the field these are the different results:

Apache/1.3.26 (Unix) PHP/4.2.2
These are the contents of the $_FILES array :: 
Array
(
    [userfile] => Array
        (
            [name] => typedtext
            [type] => application/octet-stream
            [tmp_name] => /var/tmp/phpmxaqgK
            [error] => 0
            [size] => 0
        )

)

Apache/1.3.24 (Unix) PHP/4.1.2
These are the contents of the $_FILES array :: 
Array
(
    [userfile] => Array
        (
            [name] => typedtext
            [type] => application/octet-stream
            [tmp_name] => none
            [size] => 0
        )

)


This is incorrect because PHP assumes the file exists and creates a file in the server.  The only way we have to determine if we have to move the file or not is the "size" field, but there is no a way to determine if the user really uploaded a 0 byte file or simply if the file didn't existed in the user disk.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-25 22:50 UTC] sniper@php.net 
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 11:01:28 2024 UTC