
PHP - **manually** creating the $_FILES superglobal array

This is in reference to this question - need something that is same as $_FILES from remote server download with php

In the above post, what the OP basically wants is to manually populate the $_FILES superglobal array for file uploads.

In the answer, you will see the use of tempnam to create a temporary file and storing the resource in it by using file_get_contents, which I think should work in theory (not tested).

Now, my question is: doesn't PHP have any checks in order to detect and prevent this behavior, or how do the post-max-size / upload-max-filesize ini values affect this manually created $_FILES array?

The post_max_size and upload_max_filesize will have no effect whatsoever on the scenario in the question that you linked to because they are making an outgoing connection to a remote source to get the data. The two ini settings will only have an effect on POST data that is sent to your script (i.e. incoming).

PHP does not do any checks on changes to the $_FILES array, you can freely modify the array with no limitations.

$_FILES is just a simple array created by the webserver. You can do whatever you like with this array. tempnam creates a file, which is under your control. That's why "post-max-size" and "upload-max-filesize" don't matter in that case. If you kill the server's space with your own code, that's your problem. post-max-size makes sure that no other people can create huge network traffic.

For a single file, this is it:

$path = '/path/to/my/image.jpg';

$file = [
    'name' => 'image.jpg',
    'type' => 'image/jpeg',
    'tmp_name' => $path,
    'error' => 0,
    'size' => filesize($path),
];

You cannot prepopulate the $_FILES array, nor can you put information into the name of a type=file control in HTML. It's a security issue. Think about it... If I could put information into the name of the file I wanted to upload, I could take data off your computer without your knowledge or permission. All that would have to happen is for your browser to visit my web site and "Poof!"
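
Added example, not part of the original thread: script code can write anything into $_FILES, but is_uploaded_file() and move_uploaded_file() only accept files that PHP itself received via HTTP POST in the current request, so a handler built on them rejects a hand-built entry. The helper name accept_upload, the size limit and the allowed MIME types are assumptions made for illustration, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Accept a $_FILES entry only if PHP itself received it over HTTP POST.
function accept_upload(array $entry, string $destDir, int $maxBytes): string
{
    if (($entry['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . ($entry['error'] ?? 'missing'));
    }
    $tmp = (string)($entry['tmp_name'] ?? '');
    // True only for files PHP's multipart parser stored during this request;
    // a path written into $_FILES by script code is rejected here.
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('tmp_name is not an HTTP upload');
    }
    // 'size' and 'type' are just array values; measure the file instead.
    if (filesize($tmp) > $maxBytes) {
        throw new RuntimeException('file exceeds application limit');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ['image/jpeg', 'image/png'], true)) {
        throw new RuntimeException("unexpected content type $mime");
    }
    // Server-chosen name: the client-supplied 'name' never reaches the path.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16));
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('move_uploaded_file refused the file');
    }
    return $dest;
}

// Constructed input: a hand-built entry like the one shown in the thread.
$path = tempnam(sys_get_temp_dir(), 'fake');
file_put_contents($path, "constructed sample bytes\n");
$_FILES['photo'] = [
    'name' => 'image.jpg',
    'type' => 'image/jpeg',
    'tmp_name' => $path,
    'error' => UPLOAD_ERR_OK,
    'size' => filesize($path),
];

var_dump(is_uploaded_file($path));
try {
    accept_upload($_FILES['photo'], sys_get_temp_dir(), 1048576);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
unlink($path);
```

Run from the CLI, the hand-built entry fails the is_uploaded_file() check, while the same helper accepts a file that arrived in a real multipart POST.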
