Skip to content

Respect MAX_FILE_SIZE POST field in MultipartParser #261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 23, 2017
Merged

Respect MAX_FILE_SIZE POST field in MultipartParser #261

merged 1 commit into from
Nov 23, 2017

Conversation

WyriHaximus
Copy link
Member

@WyriHaximus WyriHaximus commented Nov 21, 2017
edited
Loading

Implements / closes #258

@WyriHaximus WyriHaximus added this to the v0.8.0 milestone Nov 21, 2017
@WyriHaximus WyriHaximus requested review from jsor and clue November 21, 2017 21:49
@WyriHaximus WyriHaximus mentioned this pull request Nov 21, 2017
Closed
@WyriHaximus WyriHaximus changed the title [WIP] Respect MAX_FILE_SIZE POST field and upload_max_filesize ini setting [WIP] Respect MAX_FILE_SIZE POST field in MultipartParser Nov 22, 2017
@WyriHaximus WyriHaximus force-pushed the 258 branch 4 times, most recently from e20fc99 to 4f6ec08 Compare November 22, 2017 16:22
@WyriHaximus WyriHaximus changed the title [WIP] Respect MAX_FILE_SIZE POST field in MultipartParser Respect MAX_FILE_SIZE POST field in MultipartParser Nov 22, 2017
@WyriHaximus
Copy link
Member Author

WyriHaximus commented Nov 22, 2017
edited
Loading

@clue @jsor This PR is ready for review.

jsor
jsor reviewed Nov 22, 2017
View reviewed changes
src/Io/MultipartParser.php Outdated
break;
}
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If i remember correctly, it's not that easy. According to http://php.net/manual/en/features.file-upload.post-method.php#example-383, the field must precede the file input field.

The reason is, that you can have multiple MAX_FILE_SIZE hidden fields. Each field controls the max size of the following file fields.

<input name="file1" type="file"> 
<input name="file2" type="file">
<!-- "file1" and "file2" will have no MAX_FILE_SIZE (no limit) -->

<input name="MAX_FILE_SIZE" value="1024" type="hidden">
<input name="file3" type="file">
<input name="file4" type="file">
<!-- "file3" and "file4" will have MAX_FILE_SIZE = 1024 bytes -->

<input name="MAX_FILE_SIZE" value="0" type="hidden">
<input name="file5" type="file">
<input name="file6" type="file">
<!-- "file5" and "file6" will have MAX_FILE_SIZE = 0 (no limit) -->

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the middleware to support this behavior :+

@WyriHaximus WyriHaximus force-pushed the 258 branch 2 times, most recently from b0db02a to 106c358 Compare November 22, 2017 21:51
jsor
jsor reviewed Nov 23, 2017
View reviewed changes
src/Io/MultipartParser.php Outdated
if ($body == '0') {
$this->maxFileSize = null;
}
break;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the break here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy 🍝

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the 🍝 to 🍕

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yummy 🍽

clue
clue reviewed Nov 23, 2017
View reviewed changes
Copy link
Member

@clue clue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice progress, would love to get this in! :shipit:

Added two minor comments, otherwise LGTM! 👍 Can you add some minimal documentation for this?

src/Io/MultipartParser.php Outdated
if ($this->maxFileSize !== null && $bodyLength > $this->maxFileSize) {
return new UploadedFile(
Psr7\stream_for(''),
0,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couldn't find anything in PHP's documentation about this (http://php.net/manual/en/reserved.variables.files.php), but it's my understanding that we should still set the file size as given by the client here so consumers can show a more descriptive error message ("tried to upload X bytes, only Y allowed")?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM 👍

src/Io/MultipartParser.php Outdated

if ($body == '0') {
$this->maxFileSize = null;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably cast to int above and use strict comparison here? This seems to be in line with how PHP parses this: https://github.com/php/php-src/blob/1c295d4a9ac78fcc2f77d6695987598bb7abcb83/main/rfc1867.c#L914

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM 👍

@WyriHaximus
Copy link
Member Author

@clue added very minimal docs that will be expanded with the PR for #257

clue
clue approved these changes Nov 23, 2017
View reviewed changes
Copy link
Member

@clue clue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! :shipit: 🎉

@jsor jsor merged commit 19b1cda into reactphp:master Nov 23, 2017
@clue clue mentioned this pull request Nov 23, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsor jsor jsor approved these changes

@clue clue clue approved these changes

Assignees
No one assigned
Labels
help wanted new feature
Projects
None yet
Milestone
v0.8.0
Development

Successfully merging this pull request may close these issues.

RequestBodyParserMiddleware should respect MAX_FILE_SIZE post value
3 participants
@WyriHaximus @jsor @clue
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy