how to determine file size before fetch using php curl

Question

I am providing a facility to my web users that they can upload their profile image from a url rather than uploading it from computer. I see here a mischievous user can provide url of a huge file or may be some url which is tailed to /dev/random, very unlikely but can happen. Is there a way I can determine the size of file before fetching it completely to my server?

Answer 1

Depending on what you are doing to grab that remote file, there are different things you can do.

• While file_get_contents('http://foobar.com') is quite convenient, it gives you the least amount of control. I don't see how you could do a HEAD request to grab the Content-Length header up front.
• fsockopen() will make you cry when dealing with HTTPS.

• curl is, well, curl. It's just as ugly as powerful. There are other options, like the HTTP Pecl (basically wrapping curl) as well.

  1. check if the resource provides a Content-Length header. Do a HEAD request for this. Some servers/services don't handle HEAD requests. You'd then make a GET request and abort the transfer after you got the response headers.
  2. If (1) yielded a result, check if it's greater than you limit. If so, abort.
  3. Use curl to fetch the resource. Have a look at CURLOPT_READFUNCTION to be able to abort the download if the volume exceeds your limit. You should also check this, if (1) yielded a result, as this result might've been spoofed.

In the very worst case you'll have made 1 HEAD and 1 GET request to acquire the Content-Length, as well as another GET request to download $yourLimit bytes.

Answer 2

Check for the Content-Length header in the response from the server.