The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 19, 2019, 05:37:52 AM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: php upload  (Read 2542 times)
jammaster82
Lifer
*****
Offline Offline

Posts: 666


Thats craigs list for ya


View Profile
« on: November 17, 2008, 01:59:27 PM »

Code:
<?

ini_set("post_max_size","20M");

phpinfo();

?>


Theoretically shouldn't this display 20M in the phpinfo for the post_max_size?


Logged

The watched pot, never boils... But if you walk away from it , the soup burns.  What gives?
vsloathe
vim ftw!
Global Moderator
Lifer
*****
Offline Offline

Posts: 1669



View Profile
« Reply #1 on: November 17, 2008, 02:12:27 PM »

Theoretically...yes.

But for ini_set to work, your PHP process probably (though I can't say for sure) needs write permissions on your php.ini

Or not? I am not sure. That's just a guess for if it's not working.
Logged

hai
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #2 on: November 17, 2008, 05:54:21 PM »

that function doesn't actually write to the ini... it overwrites the ini value for <this script's execution> and when it's over the value returns to normal.

Also, I don't think phpInfo would ever show that because it's dialed into the fundamental setup, not the way <this instance> is running.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
vsloathe
vim ftw!
Global Moderator
Lifer
*****
Offline Offline

Posts: 1669



View Profile
« Reply #3 on: November 18, 2008, 07:27:31 AM »

Ah, that asplains it.
Logged

hai
ekibastos
Rookie
**
Offline Offline

Posts: 38


View Profile
« Reply #4 on: January 27, 2009, 02:33:52 PM »

that function doesn't actually write to the ini... it overwrites the ini value for <this script's execution> and when it's over the value returns to normal.

Also, I don't think phpInfo would ever show that because it's dialed into the fundamental setup, not the way <this instance> is running.

Is there a way to write to the ini rather than
for just _this scripts execution_?
Logged

<quote nutballs>
Apple is that hot chick that gives you lots of sex but is a total bitch with a horrible abusive temper.
</quote>
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #5 on: January 27, 2009, 02:42:18 PM »

Tricky.

If you grant PHP the ability to write to the PHP.ini file you have opened up a profound security hole. And to effect the change, it would need to spawn a task that cycles Apache, meaning that it has (for all intents and purposes) root level privileges.

(This all assumes, of course, that you are talking about PHP via Apache. If you run PHP via the command line and you are logged in as root, then it has the ability to do that. But this makes no sense, since you could easily VI into the file and do it yourself.)

I would not recommend that you pursue this path, because I cannot see where the benefits would outweigh the detriments (assuming a reasonably well intentioned effort - if this is a black effort I get it, but the public boards are not the place for such discussion).
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!