Page 1 of 1

Possible file upload attack! ??

Posted: Thu Mar 25, 2004 9:45 am
by jiehuang001
I am trying to build a webpage for file uploading. I copied the code from PHP documententation http://www.php.net/manual/en/features.file-upload.php, but I always get this error message. My machine is Mac OS X and all my other php programs run well.

Possible file upload attack! Here's some debugging info:
Array
(
[userfile] => Array
(
[name] => sop5.pdf
[type] =>
[tmp_name] =>
[error] => 2
[size] => 0
)

)

Posted: Thu Mar 25, 2004 9:48 am
by JayBird
the error 2 mean

The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.


Mark

can't open uploaded file

Posted: Thu Mar 25, 2004 10:04 am
by jiehuang001
Ok, thanks. I removed the code line
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
and I can upload a file now.

however, after I upload a pdf file and try to open it, I got the error:
There was an error openning this document. There was a Macintosh system error (-5000)

I guess the file was changed when being uploaded.

Also, when the uploading file has a blank in its name, it won't work.

Thanks.

jie

Posted: Thu Mar 25, 2004 10:09 am
by m3mn0n
Is there enough max memory to handle the size of the file?

And try replacing all spaces with underscores.

Posted: Thu Mar 25, 2004 10:39 am
by jiehuang001
what do you mean "Is there enough max memory to handle the size of the file?", I removed the line of
<input type="hidden" name="MAX_FILE_SIZE" value="300000" />
then there should be no limitation. Or the limitation should be 2M that is defined in the php.ini file.

Also, is there no way to upload file whose name has blank?

Thanks.

Jie