Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

note 23727 added to features.file-upload

0 views
Skip to first unread message

ale...@mvs.com

unread,
Jul 25, 2002, 11:27:57 PM7/25/02
to php-...@lists.php.net
If you have a script like this:

<?
if ($_REQUEST["answered"] == "ok") {
echo "<pre>";
echo $_SERVER["SERVER_SOFTWARE"] . "\n\n";
if (is_uploaded_file($_FILES["userfile"]["tmp_name"]))
echo "It really is an Uploaded File!\n";
else
echo "It is NOT\n";
echo "These are the contents of the \$_FILES array :: \n";
print_r($_FILES);
echo "</pre>";

} else {
?>

<form name="forma" action="file_problem.php" method="post" ENCTYPE="multipart/form-data">
<input type="file" name="userfile">
<input type="hidden" name="answered" value="ok">
<input type="submit">
</form>

<?}?>

**** This is the result when we run it in PHP 4.1.2 browsing a real file from our disk:

Apache/1.3.24 (Unix) PHP/4.1.2

It really is an Uploaded File!
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => wtrs.audit
[type] => text/plain
[tmp_name] => /var/tmp/phpTMaO4e
[size] => 30313
)

)

**** And this is the result in PHP 4.2.2 :

Apache/1.3.26 (Unix) PHP/4.2.2

It really is an Uploaded File!
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => wtrs.audit
[type] => text/plain
[tmp_name] => /var/tmp/phpU6a4fK
[error] => 0
[size] => 30313
)

)

Everything seems to work fine, In fact in 4.2.2 we have a nice variable "error" in the array to be sure that there was no error during the upload.

BUT!

If we select a 0 byte file from our disk or if we simply write a bogus name in the userfile field before submiting the form we have these VERY different results:

**** In PHP 4.1.2:

Apache/1.3.24 (Unix) PHP/4.1.2

It is NOT
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => sdfsdf
[type] => application/octet-stream
[tmp_name] => none
[size] => 0
)

)

... very nice, we can use the "none" in the tmp_name to determine that this is not a correct file and that we don't have to move it to our directory maybe damaging an already stored file with that name.

*** In PHP 4.2.2 :

Apache/1.3.26 (Unix) PHP/4.2.2

It really is an Uploaded File!
These are the contents of the $_FILES array ::
Array
(
[userfile] => Array
(
[name] => sdfsdf
[type] => application/octet-stream
[tmp_name] => /var/tmp/phpNaaagK
[error] => 0
[size] => 0
)

)

... this is bad because PHP assumes a file was uploaded and creates a tmp_file in the server, also it doesn't report an error in the "error" variable of the array, and of course is_uploaded_file returns true.

Now we have no way to determine if the uploaded file was really a file and we will finish coding something like "IF FILESIZE IS 0 THEN DISCARD THE UPLOAD", but then we won't be able to upload 0 byte files (as we could in earlier version of PHP).

Is this a bug? any ideas of working this arround?

Constructions like these won't work any more:

if (!empty($userfile_name) && is_uploaded_file($userfile))
move_uploaded_file($userfile, "$ruta2".$userfile_name);

...assuming that register_globals is on; or:

$userfile = $_FILE["userfile"]["tmp_name"];
$userfile_name = $_FILE["userfile"]["name"];
if ( $userfile != 'none' && is_uploaded_file($userfile))
move_uploaded_file($userfile, "$ruta2".$userfile_name);

... if register_globals are off.
--
http://www.php.net/manual/en/features.file-upload.php
http://master.php.net/manage/user-notes.php?action=edit+23727
http://master.php.net/manage/user-notes.php?action=delete+23727
http://master.php.net/manage/user-notes.php?action=reject+23727

0 new messages