Re: able to upload 28 meg file, yet php.ini limits posts to 10 megs. What is up with that?



On Sat, 31 May 2008 13:38:57 +0200, C. (http://symcbean.blogspot.com/) <colin.mckinnon@xxxxxxxxx> wrote:

On May 31, 3:01 am, Lawrence Krubner <lawre...@xxxxxxxxxxx> wrote:
To guard against our users possibly uploading huge files, I've got this
in my php.ini file:

; Maximum size of POST data that PHP will accept.
post_max_size = 10M

On a server running Ubuntu Linux. The PHP version:

root@ldc310:/etc/php5/cli# php -v
PHP 5.1.6 (cli) (built: Nov 28 2007 22:52:49)

I just uploaded a 28 meg file to the server. I have a PHP script that
automatically resizes the images to less than a meg. However, I was
assuming that the upload should have failed, before the PHP script ever
had the chance to resize the file. How do I limit how much our users can
upload? I really don't want the users to have the power to upload 30 or
40 or 50 meg files.

The server does have Plesk installed, which I know, in times past, has
found ways to undermine the settings in php.ini.

No - override - exactly as it's supposed to do. But it's worth noting
that the only time I've seen Plesk is on hosted servers - which rather
implies that you're already paying somebody to answer these questions.

Well, even on my personal VPS I have Plesk. Really takes the edge off administrative tasks I have no interest in for a hobby server :)

For instance, for
open_basedir, the value that gets written in the httpd.conf file, in
each vhost directory, takes precedence over whatever I put in php.ini..
But I've never seen Plesk undermine the importance of the post_max_size
setting, nor can I imagine where Plesk might store such a conf setting
if it did.

Any thoughts on what might be wrong? Are there other places some
configuration data might be taking precedence?

post_max_size is a PHP-specific thing - assuming it did work as you
expect, it wouldn't stop anyone from posting more data to the
webserver - indeed, according to the manual, it only says that when
more than this limit is posted, the $_POST and $_GET vars are empty -
no mention of $_FILES. A better setting would be to set the limit
using upload_max_filesize, but again this does not stop people from
abusing your bandwidth.

If you set the limit in the webserver config then it will terminate
the connection.

If concerned, it would be best to limit at the source indeed, i.e. the webserver. If one wants to do it in PHP, a php_admin_value in httpd.conf / vhost config should work. They ought not to be overridable by .htaccess files, and as upload_max_filesize is PHP_INI_PERDIR since 4.2.3 an ini_set() shouldn't work either.
--
Rik Wasmus
....spamrun finished
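The two fixes discussed in this thread - a hard limit in the web server, and PHP limits set with php_admin_value in the vhost so that neither .htaccess nor ini_set() can raise them - look like this as an Apache 2.x (mod_php) vhost fragment. This is an added example, not configuration from the thread or from Plesk; the hostname, paths and sizes are placeholders.

```apache
# Added example: enforce the upload limit in Apache itself and pin the PHP
# limits per vhost. ServerName, paths and sizes are placeholders.
<VirtualHost *:80>
    ServerName   example.invalid
    DocumentRoot /var/www/example

    # Hard cap on the HTTP request body, in bytes (10 MiB here). Apache
    # stops reading the body and answers 413 Request Entity Too Large, so a
    # 28 MB POST never reaches mod_php at all, whatever php.ini says. Of the
    # settings in this block this is the only one that protects bandwidth.
    LimitRequestBody 10485760

    # Settings made with php_admin_value / php_admin_flag are final for
    # this vhost: a php_value in .htaccess or an ini_set() in a script
    # cannot override them. Keep upload_max_filesize <= post_max_size
    # <= LimitRequestBody, so that an over-size file is refused by the
    # outermost layer that sees it, and a file that is too big for PHP but
    # within the Apache limit shows up in $_FILES with UPLOAD_ERR_INI_SIZE.
    php_admin_flag  file_uploads        on
    php_admin_value upload_max_filesize 8M
    php_admin_value post_max_size       10M

    # Headroom for the resize step that runs after a successful upload.
    php_admin_value memory_limit        64M

    <Directory /var/www/example>
        # php_admin_value already wins over .htaccess; AllowOverride None
        # additionally stops .htaccess from changing anything else.
        AllowOverride None
    </Directory>
</VirtualHost>
```

Check the effective values from a request served by this vhost (phpinfo(), or ini_get('post_max_size') in a test script), not from the command line: on Debian and Ubuntu the CLI binary reads /etc/php5/cli/php.ini while mod_php reads /etc/php5/apache2/php.ini, so editing the file under the /etc/php5/cli directory shown in the original post's prompt has no effect on uploads handled by Apache. An external check is a multipart POST of a file larger than the limit with curl -F, which should now be answered with HTTP 413 rather than being accepted.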