Files upload question
This is an open discussion with 3 replies, filed under General.
Search
@Flex AFAIK from a PHP standpoint your objection holds. However, I would suspect, though don't know for sure, that it is used by Symphony to provide feedback to users when their files are too large.
I agree with you. But, I think, some anti-hacking proctection should be added to File Upload Fileds
. My solution:
CREATE TABLE sym_fields_upload (
id int(11) unsigned NOT NULL auto_increment,
field_id int(11) unsigned NOT NULL,
destination varchar(255) NOT NULL,
validator varchar(50),
max_size INT NOT NULL,
PRIMARY KEY (id),
KEY field_id (field_id)
) ENGINE=MyISAM;
max_size field I will use to keep max file size.
And in checkPostFieldData
function I added some code to check if file size is valid.
if($data['size'] > $this->get('max_size')){
$message = __("File exceeds the maximum allowed upload size", array($this->get('label')));
return self::__INVALID_FIELDS__;
}
In your config.php there is a value admin->max_upload_size
which is used if you do not pass something through as a hidden field. I never bother passing the hidden value, since I always set a max size in my .htaccess
file instead. This in turn overrides whatever your Apache default is.
You're right though, the core upload field (in future Symphony versions, at least) should have a file size limit on a per-field basis. Some file upload extensions for Symphony 2 may already implement this.
Create an account or sign in to comment.
Why in my forms, which contains file fields, I have to use
MAX_FILE_SIZE
hidden field? I think it's ugly way to limit filesize. It would be better to use some parameter in upload field.