|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #52946 Re-open #50684
Submitted: 2010-09-28 22:10 UTC Modified: 2010-10-04 13:39 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: guy dot paddock at redbottledesign dot com Assigned:
Status: Wont fix Package: PHP options/info functions
PHP Version: 5.2.14 OS: Linux / CentOS 5.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: guy dot paddock at redbottledesign dot com
New email:
PHP Version: OS:


 [2010-09-28 22:10 UTC] guy dot paddock at redbottledesign dot com
Issue #50684 ("max_file_uploads can't be changed from .htaccess (or ini_set)") 
is currently "closed", but was not satisfactorily resolved. 
"" did not provide a legitimate reason why the "max_file_uploads" 
setting should not be override-able at the apache or .htaccess level.

Since PHP allows other settings like "memory_limit", "max_execution_time", and 
the like to be overridden, it does not make intuitive sense for the 
"max_file_uploads" setting to be left out.

Until this is fixed, we are running with this setting disabled. Meanwhile, other 
developers who have encountered this "feature" of PHP 5.2.12 and later have had 
to resort to ugly, non-standard JavaScript hacks to get around the inherent 
problems with the approach of this setting.


I would dearly like to see this setting not go the way of the ill-fated 
"safe_mode" setting, where it's implemented but no one can use it because it 
isn't useful to anyone in particular.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-04 13:39 UTC]
-Status: Open +Status: Wont fix
 [2010-10-04 13:39 UTC]
In my opinion, it would be reasonable to make max_file_uploads PHP_INI_PERDIR. However, other people are concerned this would be too dangerous as users could set it too high and open the server to a temp file exhaustion DOS attack.

In any case, with the implementation of the feature request in bug #50692, the need for this is reduced.

The forum for discussion of non-consensual features is the internals mailing list, so if you feel strongly against the current state of affairs, you may want to bring the issue there.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri May 07 05:01:42 2021 UTC