|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-07-16 22:11 UTC] stephen dot ball at gmail dot com
[2005-07-18 02:18 UTC] sniper@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 06 00:00:02 2025 UTC |
Description: ------------ When selecting a file to upload files which are massively larger than the upload limit cause the super global arrays $_POST, $_GET, $_REQUEST and $_FILES to be empty. Reproduce code: --------------- form.html <form enctype="multipart/form-data" action="upload.php" method="POST"> <input type="hidden" name="test" value="value" /> Send this file: <input name="userfile" type="file" /> <input type="submit" value="Send File" /> </form> upload.php <?php print_r($_POST); print_r($_REQUEST); $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); echo '<pre>'; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } print "</pre>"; ?> Expected result: ---------------- array("test" => "value") array("test" => "value") Possible file upload attack! (due to the fact that the file is too large) Actual result: -------------- array() array() Possible file upload attack!