Re: Why can't I ini_set('upload_max_filesize')?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It's PHP_INI_PERDIR, but php takes the MINIMUM(php.ini, .htaccess,
FORM:MAX_FILE_UPLOAD_SIZE_THINGIE)

So it's no less secure than the webhost/sysadmin chooses to make it.

Or, at least, that's how I understood it to work when I tested it ages
ago...

No promise it hasn't changed.

On Tue, April 17, 2007 3:56 pm, Daniel Brown wrote:
>     Is it PHP_INI_PERDIR?  I thought for sure it was PHP_INI_SYSTEM.
> In
> fact, if it's PHP_INI_PERDIR, that's a serious server security risk,
> as a
> user could then upload a massive file (provided they have the
> bandwidth) and
> overload a server, successfully stopping error and access logging.
>
> On 4/17/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
>>
>> On Tue, April 17, 2007 3:43 pm, Sebe wrote:
>> > Brian Dunning wrote:
>> >> If I do this:
>> >>
>> >> ini_set('upload_max_filesize', 30720);
>> >> echo ini_get('upload_max_filesize');
>> >>
>> >> it returns 2M. Why is it not accepting the ini_set? The server is
>> >> Windows, PHP 5.2.
>> >
>> > probably because upload_max_filesize is PHP_INI_PERDIR not
>> PHP_INI_ALL
>> >
>> > use:
>> > http://us.php.net/manual/en/configuration.changes.php
>>
>> Not to mention that by the time your PHP script executes that line
>> of
>> code, the file upload, if any, has already FINISHED...
>>
>> Bit of a chicken and egg problem to make it PHP_INI_ALL, eh?
>>
>> That's almost for sure why it's PHP_INI_PERDIR to start with.
>>
>> --
>> Some people have a "gift" link here.
>> Know what I want?
>> I want you to buy a CD from some indie artist.
>> http://cdbaby.com/browse/from/lynch
>> Yeah, I get a buck. So?
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>
> --
> Daniel P. Brown
> [office] (570-) 587-7080 Ext. 272
> [mobile] (570-) 766-8107
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux