|
|
Posted by "Richard Lynch" on 08/25/05 11:17
On Wed, August 24, 2005 9:50 am, cajbecu wrote:
> Hello. I need some help. I set my php to run script.php before any php
> script. I want to drop uploaded files, so I did
>
> <?php
> if ($_SERVER["SERVER_NAME"]=="some.host.on.my.server") {
> if ((isset($_SERVER['REQUEST_METHOD'])) &&
> ($_SERVER['REQUEST_METHOD']=="POST")) {
> unset($_FILES);
> unset($HTTP_POST_FILES);
> }
> } else {
> }
> ?>
>
> it`s working for that host, but my question is.. if a user can upload
> his
> file on the server, despite the fact i unset all the global variables
> where
> the files are stored.
The files will be in your "tmp" directory (specified in php.ini).
If you change that to be some directory that does not exist, or
/dev/null on a Linux box, then the files won't ever actually live on
your server at all, I don't think...
Well, they will "live" in RAM while Apache accepts the POST, passes it
on to PHP, and then PHP stores it in the directory you chose in
php.ini (the default is to use the OS System default temp directory)
Hope that helps.
NOTE:
Having an invalid temp directory for file upload MAY trigger an error
message in PHP. You may not like that, and may want to test for it,
or use /dev/null for the directory... Oooh, that may not work
either...
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|