Forum Moderators: coopster
function logperformance($logaction){
global $logperf;
$today = date("F j, Y, g:i a");
$logperf.="$logaction $today
";
}
to get an idea of how long each query and processing action takes. Included in that is the desire to figure out how long the file upload takes.
What is exactly the procedure for file uploads? Does the browser do the work of uploading the file first? Does it talk to the server to be sure the server allows this? Or Apache allows this? Does it check the syntax of the php page being called to make sure it compiles before doing the upload. Does the php script in any way "ask" for the upload first? Or can you fake a form to any php page, do an upload and then the php page which never expected a file ignores it (which would be an enormous waste of resources and even a security issue I would think...you could potentially fill up a /tmp directory, although the php.ini file has default limites...)
Essentially, I want that function to "get" the upload time but it doesn't (seem) to be working.
Thanks.
It begins with clicking the "submit" button of the form.
>>Does it talk to the server to be sure the server allows this? Or Apache allows this?
Normally the server allows...must be some config parameter to switch if off incase it is so desired.
>>Does it check the syntax of the php page being called to make sure it compiles before doing the upload.
I think it does that after the upload.
>>Does the php script in any way "ask" for the upload first?
No
>>Or can you fake a form to any php page, do an upload and then the php page which never expected a file ignores it
Yes
>>(which would be an enormous waste of resources and even a security issue I would think...you could potentially fill up a /tmp directory, although the php.ini file has default limites...)
Right :)
OK, so who do we blame? The browsers? W3C? Php (I doubt it, sounds like if your fake form sets up uploading you can point it to a .txt file and it will still upload).
I wonder if those script kiddies use this in a DOS attack? Could you imagine if those suckers set up thousands of uploads in a virus? Scary. Well, I guess it's no worse than pings come to think of it. They probably send as much data as the pipe allows...But then with pings it may be stored in a logfile but not in the /tmp directory!
Anyways, is this as big a hole as I think it is?
If you do not do any thing to the uploaded file .. it is deleted from tmp as soon as the request is completed. More info here [in2.php.net...]
As far as "tmp getting filled up" issue is concerned .. although I am no security expert .. I think that is nothing to be unduly worried about .. tmp is a scratch area where older files get automatically deleted ..
