Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118598 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 68684 invoked from network); 10 Sep 2022 12:40:53 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 10 Sep 2022 12:40:53 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 809941804AB for ; Sat, 10 Sep 2022 05:40:52 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_40,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NEUTRAL, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS16276 178.32.0.0/15 X-Spam-Virus: No X-Envelope-From: Received: from 12.mo582.mail-out.ovh.net (12.mo582.mail-out.ovh.net [178.32.125.228]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 10 Sep 2022 05:40:51 -0700 (PDT) Received: from player771.ha.ovh.net (unknown [10.111.208.240]) by mo582.mail-out.ovh.net (Postfix) with ESMTP id 54428245C1 for ; Sat, 10 Sep 2022 12:40:50 +0000 (UTC) Received: from php.earth (mail-lf1-f46.google.com [209.85.167.46]) (Authenticated sender: peter.kokot@php.earth) by player771.ha.ovh.net (Postfix) with ESMTPSA id E44EE2E6D9355 for ; Sat, 10 Sep 2022 12:40:49 +0000 (UTC) Authentication-Results:garm.ovh; auth=pass (GARM-106R006b7a1b9d1-6ca9-4f76-a792-c7d7e086a441, 1017B4EC9B5174A2A842C37A9B905B7928952F61) smtp.auth=peter.kokot@php.earth X-OVh-ClientIp:209.85.167.46 Received: by mail-lf1-f46.google.com with SMTP id bt10so7276541lfb.1 for ; Sat, 10 Sep 2022 05:40:49 -0700 (PDT) X-Gm-Message-State: ACgBeo2XLNZvh/Tr5vjs/qM41+Qg/xbwelobMceLdqXIkpVboqWtDBeh ktvM7L7GVMk37HAgrr2/cW9xsEYg5bUZ02XIn5w= X-Google-Smtp-Source: AA6agR6DWbFoqxL/4dBqvzsm9r9lya3ocE4ndtKOZ9TzPLXOj/f1/yFrXHx2J/f6WizZoST52jwgKnFJDxq1Lcpz2Q8= X-Received: by 2002:a05:6512:151f:b0:494:af94:9f59 with SMTP id bq31-20020a056512151f00b00494af949f59mr5747586lfb.587.1662813649161; Sat, 10 Sep 2022 05:40:49 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Sat, 10 Sep 2022 14:40:37 +0200 X-Gmail-Original-Message-ID: Message-ID: To: Yasuo Ohgaki Cc: Misha , internals@lists.php.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 9642769754963436038 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvfedrfedtjedgheeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepgghfjgfhfffkuffvvegtgfesthhqredttddtjeenucfhrhhomheprfgvthgvrhcumfhokhhothcuoehpvghtkhesphhhphdrnhgvtheqnecuggftrfgrthhtvghrnhepgedvhfegtefhveelkefgjeehgfejtedvheettefhheffgeethfdtueffieevhedvnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucfkpheptddrtddrtddrtddpvddtledrkeehrdduieejrdegieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhhtpdhhvghlohepphhlrgihvghrjeejuddrhhgrrdhovhhhrdhnvghtpdhinhgvtheptddrtddrtddrtddpmhgrihhlfhhrohhmpehpvghtkhesphhhphdrnhgvthdpnhgspghrtghpthhtohepuddprhgtphhtthhopehinhhtvghrnhgrlhhssehlihhsthhsrdhphhhprdhnvghtpdfovfetjfhoshhtpehmohehkedv Subject: Re: [PHP-DEV] Increase maximum size of an uploaded file to 50Mbyte From: petk@php.net (Peter Kokot) On Sat, 10 Sept 2022 at 11:32, Yasuo Ohgaki wrote: > > 2022=E5=B9=B49=E6=9C=887=E6=97=A5(=E6=B0=B4) 22:58 Misha : > > > Hello everyone, > > > > We spend a lot of time to increase limits for uploads file in PHP. Can = we > > increase it in php.ini? > > > > Current value is 2Mb. Its so small value, when photo image can take 8Mb= on > > iPhone X. > > We should increase it to 50Mb, because DevOps engineers do useless work > > trying to change it. > > > > I have prepared PR for it https://github.com/php/php-src/pull/9315 > > > > Take a look and approve it please. > > > > Thanks! > > > > -- > > Best regards, Michail > > > > > I can understand the motivation, but I am against the change. > > To increase uploaded file max size, POST max size must be increased too. > For 99.99% entry points do not need 50MB POST max size. > and larger POST max size increases DoS risks. > > Default upload file max size and POST max size should be small enough val= ue > for better security. > IMHO, PHP script that handles large POST data should increase these > settings. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net If I'm not mistaken, even the memory_limit needs to be increased when the post_max_size directive is larger. The memory_limit needs to be larger than post_max_size. And the post_max_size must be slightly larger than upload_max_size. memory_limit > post_max_size > upload_max_size