|
|
|
|
Bookmark this on Delicious
Share on Facebook
 Slashdot It!
Digg Common Pitfalls
The If a memory limit is enabled, a larger memory_limit may be needed. Make sure you set memory_limit large enough.
If max_execution_time
is set too small, script execution may be exceeded by the value. Make
sure you set
Note:
max_execution_time only affects the execution time of the script itself. Any time spent on activity that happens outside the execution of the script such as system calls using system(), the sleep() function, database queries, time taken by the file upload process, etc. is not included when determining the maximum time that the script has been running.
Warning:
max_input_time sets the maximum
time, in seconds, the script is allowed to receive input; this includes
file uploads. For large or multiple files, or users on slower connections,
the default of
If post_max_size is set too
small, large files cannot be uploaded. Make sure you set
Not validating which file you operate on may mean that users can access sensitive information in other directories. Please note that the CERN httpd seems to strip off everything starting at the first whitespace in the content-type mime header it gets from the client. As long as this is the case, CERN httpd will not support the file upload feature. Due to the large amount of directory listing styles we cannot guarantee that files with exotic names (like containing spaces) are handled properly.
A developer may not mix normal input fields and file upload fields in the same
form variable (by using an input name like Code Examples / Notes » features.file_upload.common_pitfallstjaart
Took me a while to figure this one out... I think this is actually a header problem, but it only happens when doing a file upload. If you attept a header("location:http://...) redirect after processing a $_POST[''] from a form doing a file upload (i.e. having enctype="multipart/form-data"), the redirect doesn't work in IE if you don't have a space between location: & http, i.e. header("location:http://...) vs header("location: http://...) =================================== <?php if ($_POST['submit']=='Upload') { // Process File and the redirect... header("location: http://"..."/somewhere.php"); exit; } ?> <html><head></head><body> <form enctype="multipart/form-data" action="upload.php" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="20000"> Your file: <input name="filename" type="file"> <input name="submit" type="submit" value="Upload"> </form> </body></html> =================================== This only happens if all of the following are true: header("location:http://...) with no space Form being processed has enctype="multipart/form-data" Browser=IE To fix the problem, simply add the space. Hope this helps someone else. rbemrose
tjaart: The HTTP/1.1 standard, section 4.2 says this about message headers: "Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive. The field value MAY be preceded by any amount of LWS, though a single SP is preferred." This can be interpreted in two ways: 1. You have to have at least one whitespace character between the header name and field value. or 2. You can have no whitespace before the field value. Either way, the standard recommends 1 space, and you already know that works... admin
The macintosh OS (not sure about OSx) uses a dual forked file system, unlike the rest of the world ;-). Every macintosh file has a data fork and a resource fork. When a dual forked file hits a single forked file system, something has to go, and it is the resource fork. This was recognized as a problem (bad idea to begin with) and apple started recomending that developers avoid sticking vital file info in the resource fork portion of a file, but some files are still very sensitive to this. The main ones to watch out for are macintosh font files and executables, once the resource fork is gone from a mac font or an executable it is useless. To protect the files they should be stuffed or zipped prior to upload to protect the resource fork. Most mac ftp clients (like fetch) allow files to be uploaded in Macbinhex, which will also protect the resource fork when transfering files via ftp. I have not seen this equivilent in any mac browser (but I haven't done too much digging either). FYI, apple does have an old utility called ResEdit that lets you manipulate the resource fork portion of a file. amalcon _a_t_ eudoramail _d_o_t_ com
Note that, when you want to upload VERY large files (or you want to set the limiters VERY high for test purposes), all of the upload file size limiters are stored in signed 32-bit ints. This means that setting a limit higher than about 2.1 GB will result in PHP seeing a large negative number. I have not found any way around this.
sebastian
It's important that the variable 'open_basedir' in php.ini isn't set to a directory that doesn't not includes tempupload directory
oliver dot schmidt
If you want to use open_basedir for securing your server (which is highly recommended!!!) remember to add your tmp dir to the open_basedir value in php.ini. Example: open_basedir = <your htdocs root, etc...>:/tmp (Tested on gentoo Linux, Apache 2.2, PHP 5.1.6) morganaj
Here is another that may make your upload fall over. If you are using Squid or similar proxy server make sure that this is not limiting the size of the HTTP headers. This took me weeks to figure out!
tomcashman
For apache, also check the LimitRequestBody directive. If you're running a Red Hat install, this might be set in /etc/httpd/conf.d/php.conf. By default, mine was set to 512 KB. anders jenbo pc dk
A responce to admin at creationfarm dot com, Mac OS X and Windows running on a NTFS disk also uses a multi stream file system. Still only the data stream in transfared on http upload. It is preferable to pack Mac OS X files in .dmg files rathere then zip but the avarage user will find zip much easir and they are supported on more platforms.
|
