has anyone found a workaround..

Anon

.. for controlling file uploads when the file size is exceeded.

I know you can control to an extent by limiting the file size but that still means that an inefficient file upload to a temp directory is necessary before the server cuts the upload off.

Anyone thought of a way, using PHP, of denying the upload without beginning an actual upload 🙂

Thanks very much

Debi

Anon

Well, PHP can't start processing the upload until the upload has been done...

Consider going one step back and configuring your server (however you go about doing so with whatever you've got) to disallow form POSTs above a certain size.

Anon

Hmm, I thought of that 🙂 trouble with the approach is that, if the file size is big, then you still have to attempt the big upload before you know there's a problem.

The main reason uploading is good for me is that my users can do some of the work. However, it's hard to educate a user about file sizes 🙂

I was thinking that someone may have figured out a way to get the file size posted to the server prior to the upload page being presented. But I can't think of a way to do it.

Anon

Well, no, not really - it's up to the browser to say how big the file is (the server has no way of knowing, because it doesn't have the file yet), and the browser can't say until it uploads the file...

Pretty much any workaround (eg. a Javascript submit handler that reads the filesize and decides whether to allow it or not) opens a vulnerability (and is hence blocked).

While you can specify a maximum file size in the form itself for the browser to read, it's only an advisory and there's no guarantee that it will be heeded.

In short, if the user wants to waste their time with an oversized upload only to have it refused, that's their lookout - after having the site go "What did I tell you before about file sizes, Thicky?" a few times maybe they'll learn (but somehow I doubt it 😉

(I wonder - is it possible to have the server abort a file-upload-in-progress if it's too large and have it redirect the browser to a certain page if it does? Scratch that - of course its possible - but is it feasible? I dunno.)

Anon

😃

You've confirmed my thoughts, that's very helpful.

Thanks very much for that - they'll just have to live with it. I'll use is_uploaded_file or the fact that the file size is zero to determine the error condition - whichever works out better 😉