NYCPHP Meetup

NYPHP.org

[nycphp-talk] Best way to handle LimitRequestBody $_REQUEST limitation

Phillip Powell phillip.powell at adnet-sys.com
Mon Jun 21 18:49:56 EDT 2004 

Hans Zaunere wrote:

>>Background: I'm building a totally portable/scalable/secure file 
>>cataloging system in PHP version 4.3.2; this application will be 
>>portable for all systems that have PHP, whether Windows or Unix or 
>>whatever as its goal as it is a web-based portable application.
>>
>>This application allows you to upload a file of a certain file size
>>    
>>
>that 
>  
>
>>I have set up.  For example, if you set $maxImageFileSize to 100K then
>>    
>>
>
>  
>
>>no image larger than 100K can be uploaded to the system, it won't let 
>>you.  This works just fine.
>>
>>However, if I try to upload an image or something that is larger than 
>>LimitRequestBody size of, for example, 524K, the results are a bit
>>    
>>
>more 
>  
>
>>problematic than an error message, all sorts of bad crap occur
>>    
>>
>depending 
>  
>
>>on your browser that blows up the entire application.
>>    
>>
>
>Aye... because Apache doesn't like it.
>  
>

Yeppers.. not a PHP thing, it's an Apache thing.  No friendly means that 
I know of to say "Hey too big get over it!"

>  
>
>>I want to know the best-practice method to handle this.  Readjusting 
>>LimitRequestBody in /etc/httpd/conf.d/php.conf is not an option 
>>according to my company because this application is, again, designed
>>    
>>
>to 
>  
>
>>be portable, so that it can be mounted on Client A's server or Client 
>>B's server or Client Z's server and work exactly the same on all three
>>    
>>
>
>  
>
>>even if all three have completely different configurations to 
>>LimitRequestBody.
>>
>>So, what do I do?  Files < 100K are fine; files 100K+ - 524K are fine;
>>    
>>
>
>  
>
>>files > 524K bomb the entire application and I can't figure out what
>>    
>>
>to 
>  
>
>>do about that.
>>
>>I tried displaying a message that stated that the maximum image file 
>>size that this installation of PHP on this server can handle is 524K
>>    
>>
>but 
>  
>
>>using ini_get('LimitRequestBody') and get_cfg_var('LimitRequestBody') 
>>both failed.
>>    
>>
>
>LimitRequestBody isn't a PHP configuration directive... it's from Apache
>itself.
>
>http://httpd.apache.org/docs/mod/core.html#limitrequestbody
>
>AFAIK there's no way to set it in PHP.  That said, it's not set by
>default.  Otherwise, you could include a .htaccess file that sets it to
>0 explicitly and thus make it unlimited.  Then again, if the deployed-to
>Apache environment doesn't allow .htaccess directives, it wouldn't work.
>
>H
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>
Cool possibly, Hans, but again, background: this application must be 
completely portable with virtually NO changes to the client's server 
environment to run it. 

I came up with the following.. works in Apache, but fails in IIS:

Following is my function I wrote to retrieve the value of 
LimitRequestBody in php.conf if the webserver is Apache:

[PHP]
/*-----------------------------------------------------------------------------------------------------------------------------
    There is no native method in PHP to obtain a value that is in a 
separate CONFIG file, particularly
    /etc/httpd/conf.d/php.conf, therefore, you will have to obtain it 
yourself the hard way: splice up the
    file and retrieve and set into a session variable, or, obtain from 
the existing session variable
  
-------------------------------------------------------------------------------------------------------------------------------*/
  function &getLimitRequestBody() {
    global $limitRequestBodyFilePath;
    if ($_SESSION['limitRequestBody']) {
       return $_SESSION['limitRequestBody'];
    } else {
     $fileID = @fopen($limitRequestBodyFilePath, 'r');
     if (!$fileID) return 0;    // BOMB OUT - $limitRequestBodyFilePath 
SET IN CSV FILE AND IS REQUIRED TO OBTAIN LimitRequestBody
     $contents = @fread($fileID, filesize($limitRequestBodyFilePath));
     @fclose($fileID);
     preg_match('/LimitRequestBody[\s\t]*([0-9]+)\n*/i', $contents, 
$matchArray);
         $_SESSION['limitRequestBody'] = (int)trim($matchArray[1]);
     return (int)trim($matchArray[1]);
    }
  }               


[/PHP]

Nice function, however, HUGE dilemma: the application that will use this 
function is designed to be fully portable, that is, it can run in Apache 
or IIS or anything that can run PHP.  That means everything in this 
application needs to run equally in any webserver that can handle PHP, 
including this function.

This function works only if you're using Apache since it retrieves a 
specific file /etc/httpd/conf.d/php.conf that has a value I need that 
PHP itself cannot provide to determine the absolute limit of a request.

So how do I write this for IIS or any other PHP-friendly webserver?

Thanx
Phil

-- 
---------------------------------------------------------------------------------
Phil Powell
Multimedia Programmer
BPX Technologies, Inc.
#: (703) 709-7218 x107 
Fax: (703) 709-7219

More information about the talk mailing list