Admin
I guess that comparing the size against 20971520 was too hard. Or maybe 20*1024*1024.
Admin
Critical bug then.
Admin
Poorly written first paragraph. Did they have files larger than 20MB that they needed to upload (and this needed to fix code) or were they finding that users were uploading files larger than 20MB when they shouldn't be able to? The text is ambiguous. I read it as the former and was confused until I figured out from the code that it was the latter.
Admin
Worse yet: $uploadedFile looks like "file which has already been uploaded". Why do you upload too large a file first, only to discard it afterwards? If it gets discarded at all - perhaps more likely spamming some temp directory which may or may not occasionally get cleaned.
Admin
How else would you validate the size of a file being uploaded through a web app? Surely you're not going to trust what the client code says?
Admin
That's mebibytes, not marketing bytes. Which means the effective upload limit was slightly over 19 marketing bytes, not 19.5 MiB.
Admin
Maybe he was afraid that multiplying 20*1024*1024 produces a large number and it would overheat the CPU?
Admin
The sort of error I play code-golf on. I believe it's one byte, a dot behind the first 20, so everything becomes floating point arithmetic.
Admin
The frontend might also check the file size, and this is just there to be sure nobody uses curl to circumvent the limit. Or something like that.
Admin
I don't see how using floor would solve the problem... If someone uploads a file that is slightly larger than 20MB (say, 20972000 bytes), floor ($uploadedFile->getSize() / 1024 / 1024) will be 20, which is not > 20, so it will accept the file even though it's too large. There's no need for rounding or truncating here, just compare the size to 20 * 1024 * 1024.
Admin
I would try to ensure that it accepts any file that is shown with size "20 MB" in any file manager the users can be expected to use. Life's too short for support calls!
So, floor/truncate does not solve the problem they believe they have, but it's still a good thing to do.
Admin
In order to check the file size on the server, the client first has to send the file to it. "Uploaded" here means "uploaded by the client to the server", not "uploaded from the server to wherever it has to go for permanent storage".
There are ways to check the file size on the client, but that would mean front-end code, not back-end code. Which isn't bad, but isn't sufficient if you want to put a hard limit on this file, since front-end code can always theoretically be messed with by someone curious, determined, and/or malicious.
Admin
Well, it's floor combined with changing the > 20 to >= 20, or > 19. Or using ceil() instead. Or not rounding at all, since PHP will cast the (int) 20 to float (20.0) on its own since this isn't Java. Or the many many other ways this could work. It's actually really hard to make this NOT work in PHP, but they managed to find a way...
Admin
Unless this limit is only for this specific application, you can just set the php.ini parameter upload_max_filesize and it will be checked automatically.
Admin
So what? They used the 2^20 definition rather than 10^6. Not a WTF to me.
Admin
It seems like an appropriate solution would be to have the web service that's assembling upload chunks error out once the programmed limit has been exceeded for that upload. If you didn't care about bandwidth, then the service could continue to receive chunks without actually writing them to disk and once a higher threshold has been met, it could label the sender as potentially hostile.
Admin
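The server-side cutoff suggested in the comment above, as an added example that is not part of any commenter's post: the byte count is enforced while the body is being read, and a rejected upload leaves no partial file behind. It assumes the body arrives as a readable stream (for instance a raw request body); `copyWithLimit` and `receiveUpload` are hypothetical names, and the input bodies are constructed in memory.

```php
<?php
const MAX_UPLOAD_BYTES = 20 * 1024 * 1024; // the 20 MiB limit from the article

/** Copy $in to $out, throwing as soon as more than $limit bytes have arrived. */
function copyWithLimit($in, $out, int $limit, int $chunk = 65536): int
{
    $total = 0;
    while (!feof($in)) {
        $buf = fread($in, $chunk);
        if ($buf === false) { throw new RuntimeException('read failed'); }
        $total += strlen($buf);
        if ($total > $limit) {
            // Stop before writing the chunk that crosses the limit.
            throw new LengthException("body exceeds $limit bytes");
        }
        fwrite($out, $buf);
    }
    return $total;
}

/** Store the stream under $dir; on any failure the partial file is removed. */
function receiveUpload($in, string $dir, int $limit): string
{
    $path = tempnam($dir, 'upl');
    $out = fopen($path, 'wb');
    try {
        copyWithLimit($in, $out, $limit);
    } catch (Throwable $e) {
        fclose($out);
        unlink($path); // do not let rejected uploads pile up in the temp dir
        throw $e;
    }
    fclose($out);
    return $path;
}

// Constructed input: one body exactly at the limit, one a single byte over.
foreach ([MAX_UPLOAD_BYTES, MAX_UPLOAD_BYTES + 1] as $size) {
    $body = fopen('php://temp', 'w+b');
    fwrite($body, str_repeat('A', $size));
    rewind($body);
    try {
        $path = receiveUpload($body, sys_get_temp_dir(), MAX_UPLOAD_BYTES);
        printf("%d bytes: stored, %d on disk\n", $size, filesize($path));
        unlink($path);
    } catch (LengthException $e) {
        printf("%d bytes: rejected (%s)\n", $size, $e->getMessage());
    }
}
```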
I'm utterly unable to understand what role rounding or truncation can possibly play here.
Admin
@Malte
It's already floating point - PHP doesn't do integer division like C does:
Admin
How exactly is this a WTF?
if (round($uploadedFile->getSize() / 1024 / 1024) > 20) { [ ... throw some error message ] }
I'd want to see the original change request.
Admin
Because any file of size less than 20.5 Mb* will pass validation. A file can be nearly 512 kb too big and still get uploaded. There's also the fact that they didn't have to do the divisions and the round/ceiling at all if they had just compared the size in bytes with 2 * 1024 * 1024
Admin
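The acceptance boundaries argued over in this thread (the floor comment and the 20.5 reply above), as an added example that is not part of any commenter's post: it searches for the largest byte count each variant of the check still lets through, against a 20 * 1024 * 1024 byte limit. `largestAccepted` is a hypothetical helper, plain integers stand in for `$uploadedFile->getSize()`, and PHP 7.4 or later is assumed.

```php
<?php
const LIMIT_BYTES = 20 * 1024 * 1024;

// Each predicate returns true when the upload would be rejected.
$checks = [
    'round(size/1024/1024) > 20' => fn(int $size): bool => round($size / 1024 / 1024) > 20,
    'floor(size/1024/1024) > 20' => fn(int $size): bool => floor($size / 1024 / 1024) > 20,
    'size > 20 * 1024 * 1024'    => fn(int $size): bool => $size > LIMIT_BYTES,
];

/**
 * Largest size in [0, $hi] that a rejection predicate still accepts.
 * Assumes the predicate is monotonic: once it rejects, it rejects all larger sizes.
 */
function largestAccepted(callable $rejects, int $hi): int
{
    $lo = 0; // an empty file passes every variant
    while ($lo < $hi) {
        $mid = intdiv($lo + $hi + 1, 2);
        if ($rejects($mid)) {
            $hi = $mid - 1;
        } else {
            $lo = $mid;
        }
    }
    return $lo;
}

foreach ($checks as $label => $rejects) {
    $max = largestAccepted($rejects, 64 * 1024 * 1024);
    printf(
        "%-28s accepts up to %d bytes (%d over the limit)\n",
        $label,
        $max,
        $max - LIMIT_BYTES
    );
}
```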