php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35351 error_reporting(0); does not suppress E_WARNING during a file upload.
Submitted: 2005-11-23 17:32 UTC Modified: 2005-11-24 07:32 UTC
From: ragekab at yahoo dot com Assigned:
Status: Not a bug Package: HTTP related
PHP Version: 4.4.1 OS: Windows / Linux
Private report: No CVE-ID: None
 [2005-11-23 17:32 UTC] ragekab at yahoo dot com
Description:
------------
error_reporting(0); does not suppress E_WARNING during a file upload if it exceeds upload_max_filesize (php.ini directive) or MAX_FILE_SIZE (hidden field).

Reproduce code:
---------------
<?php
error_reporting(0);
?>

<form method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1000" />
<input type="submit" />
</form>

Expected result:
----------------
This should not throw an E_WARNING if you submit the form with a file that exceeds 1000 bytes since error_reporting(0); was set above any code.

Actual result:
--------------
PHP throws a warning message:

Warning: MAX_FILE_SIZE of 1000 bytes exceeded - file...


* This is also true if you submitted a file larger than upload_max_filesize. PHP will throw a warning message:

Warning: upload_max_filesize of 1048576 bytes exceeded - file... (where 1048576 bytes is the php.ini upload_max_filesize directive of 1M in this example)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-23 19:39 UTC] derick@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

File uploads are handled before your script runs, so setting error_reporting(0) in your script doesn\'t work as the warning is thrown before this code is reached.
 [2005-11-24 07:32 UTC] ragekab at yahoo dot com
Actually I realize that PHP had already uploaded the file even before PHP runs the script. But wouldn't it be nice if there was an option to turn this warning off inside user scripts as to not "break" the appearance or custom validation of the script because I think the error codes that were defined in $_FILES['userfile']['error'] will be of no "clean" use if PHP will throw an E_WARNING everytime the upload exceeds the limits. Or, was there alreasy a way to turn that E_WARNING off on a user script level? Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 05 19:01:30 2024 UTC