php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8700 File upload does not work at all.
Submitted: 2001-01-14 15:14 UTC Modified: 2001-01-14 17:08 UTC
From: nautica at clanman dot com Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0.4pl1 OS: Redhat 7.1 with 2.4.0 Kernel
Private report: No CVE-ID: None
 [2001-01-14 15:14 UTC] nautica at clanman dot com
-- test.php --
<FORM ENCTYPE="multipart/form-data" ACTION="test_upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>

-- test_upload.php --
<?php 
if (is_uploaded_file($userfile)) {
    copy($userfile, "/tmp/testupload");
} else {
    echo "Possible file upload attack: filename '$userfile'.";
}
?>
Browser sends file..
but above script reports 
Possible file upload attack: none
everytime you upload a file.. file is not to be found anywhere on the system.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-14 17:08 UTC] sniper@php.net
Feedback by: Jon Tai <jon@tgpsolutions.com>
---------------------------------
My best guess is that you're trying to uploading a file bigger than 1000
bytes (only 1k).  In my experience, the browser doesn't actually send the
file if it's bigger than MAX_FILE_SIZE.  In my scripts, I use:

<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo ((int)
get_cfg_var("upload_max_filesize"))*1024*1024; ?>">

so that MAX_FILE_SIZE is always consistent with what php.ini allows.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 04:01:29 2024 UTC