0

The user is to provide a URL from which the server will fetch a file using file_put_contents()

I would like to restrict the file size to 1MB

I am able to check the file size of some files prior to downloading using THIS solution. However not every HEAD request returns the size of a file prior to its download.

Is there a way to stop the download of a file to a server if the file size exceeds a certain number of bites?

Community
  • 1
  • 1
user3104316
  • 45
  • 1
  • 9
  • 1
    Use classic way of reading files (`fopen`...), it works over HTTP and "abort" if EOF does not come before 1MB of data. – Sergiu Paraschiv Aug 17 '14 at 20:50
  • So will it be restricted by output_buffering? If so how can I set the limit of a download so that it is a multiple of the output_buffering value? – user3104316 Aug 17 '14 at 21:10
  • I don't think we understand each other. What do you mean by "fetch a file using file_put_contents"? Fetch usually means "read" and `file_put_contents` writes. Could you please clarify the question a bit? – Sergiu Paraschiv Aug 18 '14 at 07:15
  • Read - the server will need to read the resulting file of a URL. – user3104316 Aug 18 '14 at 21:42
  • 1
    Then you meant `file_get_contents`. Don't use it. Instead use `fopen`-> `fread` (with a limited length, x KB, smaller than 1 MB) -> `fclose` if `feof` or total data read >= 1 MB. If you get to `feof` then it's smaller than 1 MB and you can save it to disk or do whatever you need to do. All the functions I'm talking about are documented in the manual (eg. http://php.net/manual/ro/function.fread.php) – Sergiu Paraschiv Aug 19 '14 at 06:55

2 Answers2

1

Answer as suggested by Sergiu Paraschiv comments:

function get_file_Name_from_URL( $url, $SizeLimit ) {
$_1MB = 8000000;
$Limit = $_1MB *  $SizeLimit;
$file = fopen("$url","r");
fread($file,"$Limit");

// check for end of file
if (feof($file)){




return true;
} else{

//File is too big


return false;
}

fclose($file);
}
user3104316
  • 45
  • 1
  • 9
0

I'm not sure if you can check transfer during upload.

Instead you can check the filesize after you download it and if it is more than 1MB, delete it.

Wojciech S.
  • 16
  • 2
  • The problem with this solution is that there's potential for attacks. Could use a lot of resources if a large file is submitted. – user3104316 Aug 17 '14 at 21:08
  • If you're using linux nothing wrong could happen, but I know this is not the best solution. I also know about large files. You can use script which checks the filesize before downloading it (it should cover 90% of cases) and if is not returning value, use option I gave above. – Wojciech S. Aug 17 '14 at 21:39
  • Potentially wasting valuable bandwidth. – user3104316 Aug 17 '14 at 21:54