Reputation: 7564
I have created a nifty class for sanitizing inputs based on their source using PHP filter functions, but there is no INPUT_FILES for filter_input_array().
Obviously, the routine for checking out a file is very involved and that is not the focus of this question (so, you can skip the php.ini, examine the file, copy the file, don't use the user supplied file name, tricks of the trade stuff, references to the manual, etc).
I simply want to know, what is the source of the value for the size element in the $_FILES superglobal array. Yes, I still perform tests on it (and the actual file), but I would like to know the origin of the value. The origin of the 'key' is obviously PHP.
A YouTube video on file upload progress bars (8:50 - 9:10) shows a JavaScript method of determining the file size on the client. If that is true, the file size can definitely come from the user agent and then be passed on to the web server / PHP via headers.
Upvotes: 1
Views: 62
Reputation: 14269
No, the size is provided by the server, but the mime-type (type) is provided by the client, so don't trust this value and check for yourself.
Upvotes: 1
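The distinction drawn in the answer above is visible at the wire level. This is an added example, not code from the thread and not PHP's own parser: a simplified Python model of a server-side multipart/form-data parser, run over a constructed request body, in which the name and type fields are copied from part headers the client wrote while size is obtained by counting the bytes received. The names parse_files, is_really_png and the "data" key (a stand-in for tmp_name) are assumptions made for the illustration.

```python
import re

# Constructed sample request body: the client labels a text payload as image/png.
BOUNDARY = b"----constructedBoundary42"
PAYLOAD = b"plain text, not a PNG\r\nsecond line\r\n"
BODY = (
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="cat.png"\r\n'
    b"Content-Type: image/png\r\n"
    b"\r\n" + PAYLOAD + b"\r\n"
    b"--" + BOUNDARY + b"--\r\n"
)
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def parse_files(body: bytes, boundary: bytes) -> dict:
    """Build a $_FILES-like dict from a multipart/form-data body."""
    files = {}
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter reached
        # A part is: CRLF, header lines, blank line, content, CRLF.
        head, _, content = chunk[2:].partition(b"\r\n\r\n")
        content = content[:-2]  # drop the CRLF that belongs to the delimiter
        headers = {}
        for line in head.decode("latin-1").split("\r\n"):
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        disp = headers.get("content-disposition", "")
        field = re.search(r'\bname="([^"]*)"', disp)
        fname = re.search(r'\bfilename="([^"]*)"', disp)
        if not (field and fname):
            continue  # ordinary form field, not a file upload
        files[field.group(1)] = {
            "name": fname.group(1),                   # copied from the request
            "type": headers.get("content-type", ""),  # copied from the request
            "size": len(content),                     # counted by the server
            "data": content,                          # stands in for tmp_name
        }
    return files


def is_really_png(entry: dict) -> bool:
    """Check the received bytes instead of the client's Content-Type claim."""
    return entry["data"].startswith(PNG_MAGIC)


if __name__ == "__main__":
    upload = parse_files(BODY, BOUNDARY)["upload"]
    print(upload["type"], upload["size"], is_really_png(upload))
```

The part headers carry no size field at all, so there is nothing for the client to assert; the declared image/png, by contrast, survives into the result even though the bytes are not a PNG.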
Reputation: 7504
Yes, it's provided for every file. See http://php.net/manual/en/features.file-upload.php
Upvotes: 0