Possible file upload attack! ??

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jiehuang001
Forum Commoner
Posts: 39
Joined: Mon May 12, 2003 12:53 pm

Possible file upload attack! ??

Post by jiehuang001 »

I am trying to build a webpage for file uploading. I copied the code from PHP documententation http://www.php.net/manual/en/features.file-upload.php, but I always get this error message. My machine is Mac OS X and all my other php programs run well.

Possible file upload attack! Here's some debugging info:
Array
(
[userfile] => Array
(
[name] => sop5.pdf
[type] =>
[tmp_name] =>
[error] => 2
[size] => 0
)

)
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

the error 2 mean

The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.


Mark
jiehuang001
Forum Commoner
Posts: 39
Joined: Mon May 12, 2003 12:53 pm

can't open uploaded file

Post by jiehuang001 »

Ok, thanks. I removed the code line
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
and I can upload a file now.

however, after I upload a pdf file and try to open it, I got the error:
There was an error openning this document. There was a Macintosh system error (-5000)

I guess the file was changed when being uploaded.

Also, when the uploading file has a blank in its name, it won't work.

Thanks.

jie
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Is there enough max memory to handle the size of the file?

And try replacing all spaces with underscores.
jiehuang001
Forum Commoner
Posts: 39
Joined: Mon May 12, 2003 12:53 pm

Post by jiehuang001 »

what do you mean "Is there enough max memory to handle the size of the file?", I removed the line of
<input type="hidden" name="MAX_FILE_SIZE" value="300000" />
then there should be no limitation. Or the limitation should be 2M that is defined in the php.ini file.

Also, is there no way to upload file whose name has blank?

Thanks.

Jie
Post Reply