PHP 4.3.8 and file uploads

1094850187000

On the surface, handling file uploads with PHP is a piece of cake (then why do we see so many messages in mailing lists on this topic?). It's what's under the hood that causes the problem.

For example, most installations of PHP are geared only to handle a maximum total file size of 2MB. Many users who are on shared hosting environments cannot edit their php.ini file, so they are unable to move past this limit. That's why I wrote the article 'Sneak Past the PHP upload limits'.

PHP 4.3.8 and 5.0+ add another complication; this time it's not related to upload limits but to path information. In previous versions, PHP discarded all pathnames that appeared to be Windows paths (in other words, 'c:\downloads\raduploadlite.zip' would appear as 'raduploadlite.zip'), but '/downloads/raduploadlite.zip' would be left unchanged.

We made use of this feature (it's a feature not a bug!?) of PHP in Rad Upload. Rad Upload can translate pathnames by replacing the Windows path separator with the Linux path separator so that PHP does not discard the full path information.

Now apparently the authors of PHP believe pathnames should be completely stripped out. A good programming language should give the developer enough rope to be free or to hang himself. Apparently now PHP developers cannot be trusted not to wrap the rope around their necks and strangle themselves.
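
Because the filename a script receives can differ between PHP versions as described above (Windows-style paths stripped, forward-slash paths once passed through), a receiving script should reduce the client-supplied name to a leaf itself. The following is an added example, not code from Rad Upload or PHP; it assumes PHP 7.1 or later, and the function names and sample filenames are constructed for illustration.

```php
<?php
// Added example: the sample names at the bottom are constructed.

/**
 * Reduce a client-supplied upload name to a safe leaf name.
 * Both separators are handled, so the result is the same whether or not
 * the running PHP version has already stripped path information.
 */
function safe_upload_name(string $clientName): ?string
{
    // Treat backslash and forward slash alike, then keep the last component.
    $normalized = str_replace('\\', '/', $clientName);
    $parts = explode('/', $normalized);
    $leaf = end($parts);

    // Conservative allow-list; reject empty, dot-only or odd names outright.
    if ($leaf === '' || $leaf === '.' || $leaf === '..'
        || !preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/', $leaf)) {
        return null;
    }
    return $leaf;
}

/**
 * Build the destination path. The leaf contains no separators, so the
 * result cannot point outside $uploadDir.
 */
function upload_destination(string $uploadDir, string $clientName): ?string
{
    $leaf = safe_upload_name($clientName);
    $base = realpath($uploadDir);
    if ($leaf === null || $base === false) {
        return null;
    }
    return $base . DIRECTORY_SEPARATOR . $leaf;
}

// Constructed names covering both separator styles and traversal attempts.
$samples = [
    'c:\\downloads\\raduploadlite.zip',
    '/downloads/raduploadlite.zip',
    '../../etc/passwd',
    '..',
    'raduploadlite.zip',
];
foreach ($samples as $name) {
    $dest = upload_destination(sys_get_temp_dir(), $name);
    printf("%-34s => %s\n", $name, $dest ?? 'REJECTED');
}
```

In an upload handler the returned path would be the second argument to `move_uploaded_file()`, with `$_FILES[...]['name']` as the client-supplied name.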
