Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118583 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 99184 invoked from network); 8 Sep 2022 11:29:04 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 8 Sep 2022 11:29:04 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 1EAAF1804AA for ; Thu, 8 Sep 2022 04:29:04 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.5 required=5.0 tests=BAYES_40, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 8 Sep 2022 04:29:03 -0700 (PDT) Received: by mail-ej1-f50.google.com with SMTP id dv25so8042024ejb.12 for ; Thu, 08 Sep 2022 04:29:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=WAjJ7istCll2b0bMwOlku81DO1L5PPXiXIZVO66z/qw=; b=hYjdDo9FRtEdWe3rHWWapO5fYY3bAgTSPdflcZ5LlFwac3Zd/+cWpznRjvE5i9e6XS /+xcLWJH8SUF0pTpQEQ1gcw3/Dvwpdls71C5mOqBhkCM+1qznkF0Bl8sc3iNqAvwGent Vo6H0FrfRN1/iS4f7K0a0qYt7+OvIe3B10qeUnU3fCBkzKcxUCy92RcKWI8G4eToM3IE /KHGIw1e2/5QZj/DPiU8cltGJSrI6j2crbyP4ArXnqWpdLmXttxZ4Uq1m2gGzvBMBIjE Q4BMi1qS5pXQiEO1M+iigKEbiHJ2cx2pN2N5vRXhwaL/EykWIbAqI5Wbo8i8h/xmdm+I 6s6g== X-Gm-Message-State: ACgBeo1lO4NaNviiuRThvsISQcghlLzv/ULMdMtbPRQMnNPgTH6L4epR iKYRGMVRFGOq+kUrCtLo1MsSNiDKBRgmCHECq+g= X-Google-Smtp-Source: AA6agR7bpiCb8qtfQFRTSuu7njIQfQSOJ1WoLQwNoM22DGorVSGufrfgToqRBrPnpYe2VK2SrkPdDbVeGRBMWSsBL7k= X-Received: by 2002:a17:907:2bd5:b0:76f:591c:466b with SMTP id gv21-20020a1709072bd500b0076f591c466bmr5502507ejc.504.1662636542455; Thu, 08 Sep 2022 04:29:02 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 8 Sep 2022 12:28:51 +0100 Message-ID: To: Misha Cc: PHP internals list Content-Type: multipart/alternative; boundary="00000000000080f2d105e828bc9f" Subject: Re: [PHP-DEV] Increase maximum size of an uploaded file to 50Mbyte From: bukka@php.net (Jakub Zelenka) --00000000000080f2d105e828bc9f Content-Type: text/plain; charset="UTF-8" On Wed, Sep 7, 2022 at 2:58 PM Misha wrote: > Hello everyone, > > We spend a lot of time to increase limits for uploads file in PHP. Can we > increase it in php.ini? > > Current value is 2Mb. Its so small value, when photo image can take 8Mb on > iPhone X. > We should increase it to 50Mb, because DevOps engineers do useless work > trying to change it. > > I think the problem is that too high value can potentially result in DoS if you have for example some API that might be sensitive to it. I think this should be really handled on web server though and Apache httpd [1] as well as nginx [2] have the default limit set to 1MB. The only problem is that Apache introduced that limit default quite recently (2.4.53) so there are likely still lots of users where this value matters more if they don't tweak defaults. I guess it might be wise to do much smaller increase and start maybe somewher closer to 8MB or maybe even wait a little bit longer till most users have safe defaults on web server. [1] https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody [2] http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size Regards Jakub --00000000000080f2d105e828bc9f--