ID:               33666
 Updated by:       [EMAIL PROTECTED]
-Summary:          http://www.utblog.com/plog/CB
 Reported By:      cb dot utblog at gmail dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         *General Issues
 Operating System: Redhat 8.0
 PHP Version:      5.1.0b2
 New Comment:

And the answer to this is pretty simple: to even get the value of that, you
have to read a certain amount of data.



Previous Comments:
------------------------------------------------------------------------

[2005-07-12 17:22:43] cb dot utblog at gmail dot com

Description:
------------
When uploading a file, in the post form, there's a hidden zone: <input
type="hidden" name="MAX_FILE_SIZE" value="100">.
The value of "MAX_FILE_SIZE" equals 10 (bytes) here; it doesn't work.

Actually, whenever MAX_FILE_SIZE is set to less than 1024*5,
it doesn't work. The file will be uploaded and stored without error.

What does 1024*5 mean? It's the size of the buffer used to get file data from
the multi-part body (FILLUNIT).

The mistake comes from here:
in main/rfc1867.c,
function "SAPI_POST_HANDLER_FUNC",
it compares how many bytes have been read (total_bytes) to "MAX_FILE_SIZE"
after reading again but before increasing total_bytes.


Reproduce code:
---------------
    while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC)))
    {
//>> UP TO 1025*5 BYTES HAS BEEN READ
        if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) {
#if DEBUG_FILE_UPLOAD
            sapi_module.sapi_error(E_NOTICE, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename);
#endif
            cancel_upload = UPLOAD_ERROR_A;
        } else if (max_file_size && (total_bytes > max_file_size)) {
//>> COMPARE total_bytes TO max_file_size BEFORE INCREASING total_bytes

#if DEBUG_FILE_UPLOAD
            sapi_module.sapi_error(E_NOTICE, "MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved", max_file_size, param, filename);
#endif
            cancel_upload = UPLOAD_ERROR_B;
        } else if (blen > 0) {
            wlen = write(fd, buff, blen);

            if (wlen < blen) {
#if DEBUG_FILE_UPLOAD
                sapi_module.sapi_error(E_NOTICE, "Only %d bytes were written, expected to write %d", wlen, blen);
#endif
                cancel_upload = UPLOAD_ERROR_C;
            } else {
//>> CHANGE total_bytes HERE, IT'S TOO LATE
                total_bytes += wlen;
            }
        }
    }
    if (fd!=-1) { /* may not be initialized if file could not be created */
        close(fd);
    }




------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=33666&edit=1
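
The loop order described in the report, reduced to a stand-alone model (an added example, not code from PHP or from the reporter). `struct result`, `next_chunk` and `run_upload` are hypothetical names, and the `count_pending` variant is one possible ordering shown for comparison, not PHP's behaviour.

```c
#include <stdio.h>
#include <stddef.h>

#define FILLUNIT (1024 * 5)   /* read-buffer size named in the report */

/* Outcome of pushing one upload body through the loop model. */
struct result { int cancelled; size_t written; };

/* Constructed stand-in for multipart_buffer_read(): returns up to FILLUNIT
 * bytes of a file_len-byte body per call, and 0 once the body is exhausted. */
static size_t next_chunk(size_t file_len, size_t *offset) {
    size_t left = file_len - *offset;
    size_t n = left < FILLUNIT ? left : FILLUNIT;
    *offset += n;
    return n;
}

/* count_pending == 0: order from the report (compare total_bytes, write the
 *                     chunk, then add it to total_bytes).
 * count_pending == 1: hypothetical ordering that includes the chunk just
 *                     read in the comparison before anything is written. */
static struct result run_upload(size_t file_len, size_t max_file_size,
                                int count_pending) {
    struct result r = {0, 0};
    size_t offset = 0, total_bytes = 0, blen;
    while (!r.cancelled && (blen = next_chunk(file_len, &offset))) {
        size_t seen = count_pending ? total_bytes + blen : total_bytes;
        if (max_file_size && seen > max_file_size) {
            r.cancelled = 1;        /* UPLOAD_ERROR_B in the excerpt */
        } else {
            r.written += blen;      /* write(fd, buff, blen) in the excerpt */
            total_bytes += blen;
        }
    }
    return r;
}

int main(void) {
    /* Constructed inputs: a 3000-byte file against MAX_FILE_SIZE=100. */
    struct result a = run_upload(3000, 100, 0);
    struct result b = run_upload(3000, 100, 1);
    printf("reported order:  cancelled=%d written=%zu\n", a.cancelled, a.written);
    printf("pending counted: cancelled=%d written=%zu\n", b.cancelled, b.written);
    return 0;
}
```

In either ordering MAX_FILE_SIZE is a form field supplied by the client, so the server-side `upload_max_filesize` setting and a size check on the stored file are what actually bound an upload.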
