Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:107357
Return-Path: <rasmus@lerdorf.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 55008 invoked from network); 1 Oct 2019 17:36:31 -0000
Received: from unknown (HELO php-smtp3.php.net) (208.43.231.12)
  by pb1.pair.com with SMTP; 1 Oct 2019 17:36:31 -0000
Received: from php-smtp3.php.net (localhost [127.0.0.1])
	by php-smtp3.php.net (Postfix) with ESMTP id 1F72E2CC48C
	for <internals@lists.php.net>; Tue,  1 Oct 2019 08:17:12 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp3.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS3215 2.6.0.0/16
X-Spam-Virus: No
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp3.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  1 Oct 2019 08:17:11 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id n26so20391479ioj.8
        for <internals@lists.php.net>; Tue, 01 Oct 2019 08:17:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lerdorf-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=3HYAGvwHSfqPfwFubxi/cdvmCoYMgQjHf5UpgYP6q18=;
        b=FqlQ+mYcmZaF6KnS4VJ8kxwdycAwKyQTcPF66jzTp54TrV6GsUB4t+BAhPkIonkanX
         mREc4SUU6/PPYpWJe1Tw5hdU8X7nMP+mi34Ta8K34+i0a3Q/WsM3iDrRRFoe4RlVnbZ4
         iq9Z7BDYwoEbiA1f/j0FLXh+LPmzPptuAKWnjasQGweuJJPwUArk8xJf7GDOTpx0NOdt
         kPVNLVZP4zL/lUWAI6lkGmcRkkYoe2XBESASFFLanmPh/9mBdygLLn3DsDbccZRqxi1F
         VIKpNHBkbA4L3bmjuWWbhY9kSOBwU14ysuwIS8ODSxWVmyCJFIptjyhs8pwdr2Qsst0g
         uqsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=3HYAGvwHSfqPfwFubxi/cdvmCoYMgQjHf5UpgYP6q18=;
        b=jxtm1VuJt+/L3oAeSDVmmgfvOPEZb+09PRB5z9zr4GapsgObDzxTkMVGoDkRIZZbOg
         +89f7Fl4Lg+0+o5lVNNx3+nEISzmvzmejtx5mzgmPXVkJn7AfMUnF9oQv7Oe05lU5OLP
         3ZO6W9exPYG1iFscT6HqIPpD0Vjb3qeIsNCOhzaTfZCtwzO1SJdEm916NI3Vx2WJNLKA
         nzISPh8uRCpgVGapLbk/XvRROAymuOqDp1f7OI/r107s3wW4WSAMehv13em2LoR5IGjt
         o0WszO6cd5nk4dd+X8bmp3UM5VbQyTnbDC7YNJC4vnYOv44irrg9q3za0WjC7rY/wtZ+
         y8DA==
X-Gm-Message-State: APjAAAVTqIpF6inuMkT8m9nc6liUsg+iEuJKtVMkJxObe5BZ905kFmEU
	9JNiBxK46VkusNN3ycgfRalFePhU4saarAYmci1EIQ==
X-Google-Smtp-Source: APXvYqxtPRxOfw1cwp683Zhym5K93jXeCGG3rmfrlN3RiSY5j9gOIDm9VVnEx+E/biwr7rXnJIpgwz03PjtfcVJSq/0=
X-Received: by 2002:a92:6812:: with SMTP id d18mr26629625ilc.234.1569943030449;
 Tue, 01 Oct 2019 08:17:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAG9XoMQp5wzs6msh_q33z1JEcMs2cNwWH+HmW4C9vYf+xLYeiA@mail.gmail.com>
 <CACXBjuimGBre6NwFmZ8cajscK=a0QB2LqpHy6arm6nEHd45RGw@mail.gmail.com> <CAG9XoMSbx1cRnka7zZyvkPmLYTocAEPP4+G_quz-Cxa-EsO4xA@mail.gmail.com>
In-Reply-To: <CAG9XoMSbx1cRnka7zZyvkPmLYTocAEPP4+G_quz-Cxa-EsO4xA@mail.gmail.com>
Date: Tue, 1 Oct 2019 08:16:34 -0700
Message-ID: <CACXBjuj823HdUJofYgjkWuC8peWZ5Fm4=QkPg1C33CfYhdyYBw@mail.gmail.com>
To: Benjamin Morel <benjamin.morel@gmail.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000a5e8b30593dad841"
X-Envelope-From: <rasmus@lerdorf.com>
Subject: Re: [PHP-DEV] Error when POST / upload limits are exceeded
From: rasmus@lerdorf.com (Rasmus Lerdorf)

--000000000000a5e8b30593dad841
Content-Type: text/plain; charset="UTF-8"

On Tue, Oct 1, 2019 at 6:32 AM Benjamin Morel <benjamin.morel@gmail.com>
wrote:

> > We have https://www.php.net/manual/en/features.file-upload.errors.php but
> in general this is not so easy to make more convenient because this runs
> before your PHP code starts to run, so it is not like you can stick it in a
> try/catch.
>
> Hi Rasmus,
>
> These errors are only relevant when you have something in $_FILES, which
> is not always the case I'm afraid:
>
> - when exceeding post_max_size, $_FILES is empty
> - when exceeding max_file_uploads, you don't get entries in $_FILES past
> the nth allowed file
>
> I understand that because all of this happens before userland code is run,
> indeed it's not possible to catch it.
> I also understand that throwing a fatal error in this case would not be
> welcome, as it does not give userland code a chance to inform the user
> about the problem.
>
> What about setting a $_SERVER value in this case? For example:
>
> $_SERVER['CONFIG_LIMIT_EXCEEDED'] = 'post_max_size'
>
> This, together with empty $_POST and $_FILES if any limit is exceeded
> (including max_file_uploads), should be relatively sane behaviour IMO.
>

Perhaps a more generic $_SERVER['PHP_REQUEST_STATUS'] or something along
those lines where you'd put the error message from
https://www.php.net/manual/en/features.file-upload.errors.php as well. And
add new states for these exceeded limits that aren't caught there. It would
be nice if you just needed a single check instead of having to look for
multiple things.

-Rasmus

--000000000000a5e8b30593dad841--