From: Tomas K. <to...@us...> - 2005-08-22 07:30:46
|
> Paul Lesneiwski wrote: > (...) >>>According to the manual, the function returns true on a successful >>> upload, >>>not whether a temp file was created for that upload. So if the browser >>>says it's uploading a 0 byte file, and php creates a 0 byte file, then >>>everything is right, and veriftication is successful. Not sure as to >>> why >>>anybody would really want to upload a 0 byte file. I guess we could add >>>an additional check and verify the size of the file is greater than 0 >>>bytes. >> >> >> It might be rediculous, but I don't think we should 2nd guess the end >> user. Let them upload zero byte files if they want. The code works >> fine. > > Actually, it's not about letting user upload a 0kb file, it's about > letting user think they uploaded a file when they didn't. > > If the user type in the path to the file he/she wants to upload and > makes a typo in the path (and not in the filename), firefox won't warn > the user, squirremail won't either. He/she will ends with a 0kb > attachment with the right filename! > > Plus the real problem is more the change of behaviour between > squirrelmail 1.2 and 1.4. move_uploaded_file() is compatible with php safe mode. generic file system commands (rename) are not. SquirrelMail SM-STABLE-1_4 uses both (1. rename(), 2. move_uploaded_file()). SM-STABLE-1_2 uses only move_uploaded_file(). src/compose.php saveAttachedFiles() function. Can you reproduce your problem if you disable "if (!@rename($_FILES['attachfile']['tmp_name'], $full_localfilename)) {" ? -- Tomas |