Upload file that does not exist

Upload file that does not exist

am 29.10.2007 21:52:25 von damezumari

I have a form:

enctype="multipart/form-data" onsubmit="return checkFields();">

with a file object:



to upload a file.

I click the Browse button and select a file on my hard disk. Then I
delete or rename the file on my hard disk. When I then submit the
form

$uploaded = move_uploaded_file($_FILES['localfile']['tmp_name'],
$uploadfile);

returns true and $_FILES['userfile']['error'] does not return an error
(it returns the empty string which I guess means 0).

The only way to detect something fishy is going on is looking at
$_FILES['localfile']['size'] that returns 0.

Is this the way things are supposed to be? I would want $uploaded to
be false.

Regards,

Jan Nordgreen

Re: Upload file that does not exist

am 29.10.2007 22:14:35 von luiheidsgoeroe

On Mon, 29 Oct 2007 21:52:25 +0100, damezumari =
=

wrote:

> I have a form:
>
> > enctype=3D"multipart/form-data" onsubmit=3D"return checkFields();">
>
> with a file object:
>
>
>
> to upload a file.
>
> I click the Browse button and select a file on my hard disk. Then I
> delete or rename the file on my hard disk. When I then submit the
> form
>
> $uploaded =3D move_uploaded_file($_FILES['localfile']['tmp_name'],
> $uploadfile);
>
> returns true and $_FILES['userfile']['error'] does not return an error=

> (it returns the empty string which I guess means 0).
>
> The only way to detect something fishy is going on is looking at
> $_FILES['localfile']['size'] that returns 0.
>
> Is this the way things are supposed to be? I would want $uploaded to
> be false.

Well, the UA should issue the warning/block on a submit (Opera does BTW,=
=

with a nice inline explanation next to the input element, FF & MSIE =

don't). There's no way you can know it's not supposed to be an empty fil=
e, =

which it could be. Empty files are used quite regularly for genuine =

purposes.
-- =

Rik Wasmus

Re: Upload file that does not exist

am 30.10.2007 23:11:10 von AnrDaemon

Greetings, damezumari.
In reply to Your message dated Monday, October 29, 2007, 23:52:25,

> I have a form:

> > enctype="multipart/form-data" onsubmit="return checkFields();">

> with a file object:

>

> to upload a file.

> I click the Browse button and select a file on my hard disk. Then I
> delete or rename the file on my hard disk. When I then submit the
> form

> $uploaded = move_uploaded_file($_FILES['localfile']['tmp_name'],
> $uploadfile);

> returns true and $_FILES['userfile']['error'] does not return an error
> (it returns the empty string which I guess means 0).

> The only way to detect something fishy is going on is looking at
> $_FILES['localfile']['size'] that returns 0.

> Is this the way things are supposed to be? I would want $uploaded to
> be false.

I think You messing with client- and server-side checks.
If You want to get real files from clients, just demand that they should be
more than zero bytes long. You can check uploaded file in place before moving
it.
Refer to PHP documantation in parts of file uploading (ini_get('upload_tmp_dir'),
is_uploaded_file('path/name') etc.)


--
Sincerely Yours, AnrDaemon