Req #52946 [Opn->Wfx]: Re-open #50684

Mon, 04 Oct 2010 07:00:43 -0700 

Edit report at http://bugs.php.net/bug.php?id=52946&edit=1

 ID:                 52946
 Updated by:         cataphr...@php.net
 Reported by:        guy dot paddock at redbottledesign dot com
 Summary:            Re-open #50684
-Status:             Open
+Status:             Wont fix
 Type:               Feature/Change Request
 Package:            PHP options/info functions
 Operating System:   Linux / CentOS 5.2
 PHP Version:        5.2.14
 Block user comment: N

 New Comment:

In my opinion, it would be reasonable to make max_file_uploads
PHP_INI_PERDIR. However, other people are concerned this would be too
dangerous as users could set it too high and open the server to a temp
file exhaustion DOS attack.



In any case, with the implementation of the feature request in bug
#50692, the need for this is reduced.



The forum for discussion of non-consensual features is the internals
mailing list, so if you feel strongly against the current state of
affairs, you may want to bring the issue there.


Previous Comments:
------------------------------------------------------------------------
[2010-09-28 22:10:44] guy dot paddock at redbottledesign dot com

Description:
------------
Issue #50684 ("max_file_uploads can't be changed from .htaccess (or
ini_set)") 

is currently "closed", but was not satisfactorily resolved. 

"j...@php.net" did not provide a legitimate reason why the
"max_file_uploads" 

setting should not be override-able at the apache or .htaccess level.



Since PHP allows other settings like "memory_limit",
"max_execution_time", and 

the like to be overridden, it does not make intuitive sense for the 

"max_file_uploads" setting to be left out.



Until this is fixed, we are running with this setting disabled.
Meanwhile, other 

developers who have encountered this "feature" of PHP 5.2.12 and later
have had 

to resort to ugly, non-standard JavaScript hacks to get around the
inherent 

problems with the approach of this setting.



See:

http://allinthehead.com/retro/349/the-curse-of-max_file_uploads



I would dearly like to see this setting not go the way of the ill-fated


"safe_mode" setting, where it's implemented but no one can use it
because it 

isn't useful to anyone in particular.



------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52946&edit=1

Reply via email to