Vulnerability Development mailing list archives

PHP 4.2.2 - File Upload Problem


From: Felipe Franciosi <franciozzy () terra com br>
Date: Sat, 31 Aug 2002 15:49:06 -0300

Hello all,

I noticed a problem using PHP 4.2.2 as a cgi parser and Apache 1.3.26 on
a slackware 8.0 box running kernel 2.2.21.

As I searched the online manual pages, I noticed that
"alexis AT mvs DOT com" had already seen this problem. I spoke with
him and he said PHP has not answered his questions about it.

The problem is when posting a file through a form like this:

<FORM METHOD="POST" ACTION="script.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="FILE" NAME="userfile">
<INPUT TYPE="SUBMIT" VALUE="Send File">
</FORM>

In 'script.php', the interpreter is supposed to configure an array
called "$_FILES" with several indexes:
$_FILES['userfile']['name']
$_FILES['userfile']['tmp_name']
$_FILES['userfile']['type']
$_FILES['userfile']['size']
$_FILES['userfile']['error']

The last one was supposed to follow these codes:

0 : UPLOAD_ERR_OK (file uploaded ok)
1 : UPLOAD_ERR_INI_SIZE (upload exceeds 'upload_max_filesize' in php.ini)
2 : UPLOAD_ERR_FORM_SIZE (upload exceeds 'MAX_FILE_SIZE' in html form)
3 : UPLOAD_ERR_PARTIAL (file uploaded partially)
4 : UPLOAD_ERR_NO_FILE (no file was uploaded)

The constants are only supposed to be defined in php 4.3.0, but there's
no problem with that.

The problem is that if you fill the form with a file that doesn't
exist and send it, $_FILES['userfile']['error'] will be set to 0 (upload ok)!

The only way I found to check if a file was really uploaded is to check
the size of the file (it will also be set to 0).

The point I'm trying to make here is to warn about this issue and to
question if there are ways to use this "bug" in cross-script hacking
anyway.

Thanks,
Felipe

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Felipe Franciosi    franciozzy () terra com br
 Porto Alegre - RS                    Brazil
 Phone: (55)(51) 9123 0557    UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
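As an added example (not code from the original post), here is a 'script.php' handler that does not trust $_FILES['userfile']['error'] alone: it applies the size check the post describes, confirms the temp file really came from this request with is_uploaded_file(), and enforces the size limit server-side. The function name check_upload(), the 1 MB limit and the /var/uploads destination are assumptions.

```php
<?php
// Added example, not from the original post: defensive handling of the
// upload form shown above. Function name and destination dir are assumed.

// The UPLOAD_ERR_* constants only exist from PHP 4.3.0; define them for 4.2.x
// so the same code reads the same on both versions.
if (!defined('UPLOAD_ERR_OK')) {
    define('UPLOAD_ERR_OK', 0);
    define('UPLOAD_ERR_INI_SIZE', 1);
    define('UPLOAD_ERR_FORM_SIZE', 2);
    define('UPLOAD_ERR_PARTIAL', 3);
    define('UPLOAD_ERR_NO_FILE', 4);
}

// Returns a reason string when the upload must be rejected, or '' when usable.
function check_upload($field, $max_bytes)
{
    if (!isset($_FILES[$field]) || !is_array($_FILES[$field])) {
        return 'no upload field in request';
    }
    $f = $_FILES[$field];

    // 1. A non-zero error code is reliable and must be honoured.
    if ($f['error'] != UPLOAD_ERR_OK) {
        return 'upload error code ' . (int)$f['error'];
    }
    // 2. error == 0 but nothing was received: the case reported above.
    //    Size is 0 and tmp_name is empty (older PHP 4 builds used "none").
    if ($f['size'] <= 0 || $f['tmp_name'] == '' || $f['tmp_name'] == 'none') {
        return 'no file actually received';
    }
    // 3. The temp path must be one PHP created for this request, not a
    //    path supplied by the client (is_uploaded_file exists since 4.0.3).
    if (!is_uploaded_file($f['tmp_name'])) {
        return 'tmp_name is not an uploaded file';
    }
    // 4. MAX_FILE_SIZE in the HTML form is advisory; enforce the limit here.
    if ($f['size'] > $max_bytes || filesize($f['tmp_name']) > $max_bytes) {
        return 'file too large';
    }
    return '';
}

$reason = check_upload('userfile', 1024 * 1024);
if ($reason != '') {
    echo "Rejected: $reason\n";
} else {
    // basename() strips any directory part the client put in the name.
    $dest = '/var/uploads/' . basename($_FILES['userfile']['name']); // assumed
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $dest)) {
        echo 'Stored ' . $_FILES['userfile']['size'] . " bytes\n";
    }
}
```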
