6

I have a site that is receiving 30-40k photo uploads a day and I've been seeing an issue pop up with more frequency now. This issue is this:

Our upload script receives (via $_FILES['name']['tmp_name']) a file (photo) that was NOT uploaded by the user & the majority of the time the file received is a "partial" upload.

Of course at first I thought it was my PHP code making a simple mistake and I've spent days looking over it to make sure, but after placing checks in the code I've found that the file received via a HTTP POST upload to PHP is actually the wrong file. So the issue is happening before it reaches my code. The tmp file (phpxxxx) received by the script is sometimes incorrect, as if it was somehow being overwritten by another process and its usually overwritten by a file that was partially uploaded.

Has anyone every seen an issue like this? Any help is greatly appreciated. I'm turning to this as a last resort after days of searching/asking other PHP devs

So to recap:

  • User uploads a photo
  • PHP script receives a file that was not uploaded by the user (pre code, via $_FILES in /var/tmp)
  • Usually the incorrect file received is a partial upload or a broken upload
  • It seems to happen randomly and not all the time
mrmanman
  • 161
  • 2
  • 8
  • This is a long shot - but perhaps it's an encoding issue? I know some browsers try to upload using gzip compression. This might make it seem like it's not an image file. What do the HTTP headers of the upload look like? – Shalom Craimer Mar 04 '09 at 06:40
  • I believe this to be a dupe of http://stackoverflow.com/questions/631871/php-temp-file-names-for-uploads-colliding – Iiridayn Jul 19 '10 at 17:22
  • Possible duplicate of [PHP temp file names for uploads colliding](https://stackoverflow.com/questions/631871/php-temp-file-names-for-uploads-colliding) – Iiridayn Nov 09 '18 at 20:04

3 Answers3

2

First off, check you PHP version.

Second, check your file upload limits and POST_MAX_SIZE in php.ini

It might just be that someone tries to upload a file that's too large :-)

SchizoDuckie
  • 9,353
  • 6
  • 33
  • 40
  • Its php 5.2.8 with Apache 2.2.11 and FreeBSD 7.0. I've made sure all the php.ini vars are set correctly. Post max size and also file max size are set very high. I also set the max_input_time to a higher value in case phone uploads were taking too long. – mrmanman Mar 04 '09 at 19:43
2

Can you try different names for the temp file to avoid its being overwritten? Can you identify the origin of the new, incorrect and incomplete file?

Is this a development environment? Is it possible that more than one user is uploading files at the same time?

Try your program with very small images to check if SchizoDuckie is correct about filesize problems.

Try with different navigators to eliminate the admittedly remote possibility that it is a local problem.

Check permissions on the directory where the temp file is stored.

Andy Swift
  • 2,179
  • 3
  • 32
  • 53
  • Is there a way to change how PHP chooses its tmp file names? This is a production environment/server. I've moved it to a different server and the issue still persists. The /var/tmp directory is chmod 777 – mrmanman Mar 04 '09 at 19:44
1

PHP's built-in file handling does not support partial uploads.

Turn off KeepAlives and/or send a 'Connection: close' header after each upload.

Configure your webserver to send the header 'Allow-Ranges: none'.

h0tw1r3
  • 6,618
  • 1
  • 28
  • 34