Login/Register
How to prevent Warning: POST Content-Length and memory size
Asked Answered
Solved phppostfile-uploadfilesizemax-size
W

7

12

Currently when user uploads a photo the page says "Warning: POST Content-Length of XXX bytes exceeds the limit of 21000000 bytes in Unknown on line 0".

I know what that means and I am NOT looking for the solultions like the increasing the max_upload values or even memory_size_limit... Because users may and users will upload terabytes of nonsense even if you explicitly tell them only max 20MB files and only images are allowed.

I am looking for a solution on:

  • How to prevent this warning(s) to even happen?
    OR at least:
  • How to prevent displaying of this warning(s)?

EDIT: PLEASE READ ! - Please understand that of course I am handling the error/warning after (since line 1) , problem is this happens on a virtual "line 0" that is why I need to hide the error or prevent it to raise - because I cant put any code before the place where the error happens.

EDIT2: Finally after a very long research and digging I got an idea - it worked - see my own answer.

Weiler answered 11/2, 2014 at 14:42 Comment(6)
Prevent displaying the error means not solving the problem but passing it. I don't encourage it. You can check the file's size before uploading (on modern browsers - HTML5 File API), check it out: https://mcmap.net/q/102889/-check-file-size-before-uploadYingyingkow
Users may and should get denied by your web server if they send request too large, not by hiding an error due to memory exhaustion. But if you're not looking for solution on how to do it right, then why bother with hiding the message?Revisory
@OfirBaruch I know but there will always be someone who will bypass the client-side check I am looking for the server side solutionWeiler
@Revisory I need to catch the error in the PHP to tell the users "hey you are uploading too much" , but the problem is this happens BEFORE script... So do you have any solution how to do that?Weiler
It's funny how everyone on StackOverflow instantly assumes that you are doing something wrong when you ask a question like this. Sadly, in many cases those people might be correct. But in this case those people should have realised the basic rule of HTTP requests applies here: you can never trust what a browser/client sends you.Stendhal
andrewcurioso.com/blog/archive/2010/…Teasley
W
12

So after searching instead of working today I finally got an idea how to solve this, it worked, and even didnt cause much damage. But please first understand what you are doing, before doing it. :) As I suggested in one of my comments it is really possible to turn off PHP errors in .htacess - just turn off the PHP startup warnings.

Before you apply the solution:

Note that: after you insert this code to your .htaccess you won't be able to see any startup error

Also note that: there are more start up errors on line "0" than this one.

Do before: Before you do this you should prepare your script in the way that it should check the uploaded content size and give user a proper information message. The fact that the warning doesnt show DOES NOT mean that you should do nothing about it. It means the EXACT oposite - you should do all that you can to make something at least near-equal to the warning raise - check, double check if you can, handle error and raise your own error message.

Add this to your .htaccess:

php_flag display_startup_errors off

It is not that evil as it seems to be:

Please note that this turns off startup errors only.
So all the regular PHP errors/warnings/notices stays ON :)

Even XAMPP's PHP "itself" recommends it for production:

The php.ini file literaly says:

; display_startup_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: Off

PS: "startup error" seems to be those errors before PHP script is executed itself - these errors are usually trying to "persuade" you that they are on the line 0.

Thanks to my idea and this answer: How to disable notice and warning in PHP within .htaccess file?

EDIT: As this is a php_flag setting, you can of course also set it by default in your php.ini if you have custom instalation of PHP :)

Weiler answered 11/2, 2014 at 23:48 Comment(1)
"searching instead of working"... that is work!Klaus
P
10

The question is

How to prevent Warning: POST Content-Length

the answer is, without edit any config value, put this code at the very start of the file that will receive the form to be processed:

 <?php // here start your php file
 ob_get_contents();
 ob_end_clean();

That is. No more warning, as well anything else you do not want as output on your page. After, as suggested elsewhere you can decide what to do with:

if($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0){ echo"WoW your file is too big!"; }

Maybe also chunk the file, if in another way you pass correct values about file to be processed by Php.

as explained here Warning: POST Content-Lenght ...

Pelson answered 6/11, 2016 at 21:26 Comment(0)
H
1

I've got a similar problem to you, and wondered if you'd found a satisfactory solution. Currently, my 'PHP Warning: POST Content-Length of 21010354 bytes exceeds the limit of 8388608' is in the log, and I don't think there is much I can do about it.

I've working within a Zend framework, and when a user uploads a file as above, it basically kills all the usual POST data parsing, so the response to getParams() contains none of the usual POST parameters. This means the users is getting a validation error, saying one of the fields is missing, which is misleading.

In researching this, I've found a few interesting php_ini settings you might want to look at, notably enable_post_data_reading and always_populate_raw_post_data. In my case, I'm uploading a 20M file, with a 8M post max and a 10M uploaded file max, and the result from php://input seems to be a full on 20M file, even though the post data is now empty.

So I'm going to manually check if the raw data exceeds the limit, and assume everything failed if it did (and bail). I suggest you could write your own code to parse the raw data, to populate the $_POST data. Then you can startup your code, as you wish, and only when you're ready, check if the user has uploaded more data than the limit. It's down to you, to then return an error before parsing it, or if it's ok, to parse it. As long as you set the PHP post and upload limits, to above your user limit, it should allow the user to break the rules, allowing your code to detect the breech and complain about it.

Hennessy answered 8/6, 2015 at 16:14 Comment(0)
J
1

Here is the REAL solution to prevent this error properly.

Set this parameters in your php.ini :

enable_post_data_reading = On
upload_max_size=0
post_max_size=0

Warning : be sure to have this line in your form

<input type="hidden" name="MAX_FILE_SIZE" value="2048576" />

AND the MOST IMPORTANT :

  • be sure to check the code errors of $_FILES['file']['error']

  • be sure to check size of your upload in PHP too

Joletta answered 20/11, 2016 at 11:35 Comment(1)
Can you explain how this would safely work? Because enable_post_data_reading is On by default (Off would mean there would be no $_POST and $_FILES populated) and setting the latter 2 to 0 will turn off server-layer-limit completely so you are basically allowing to put in process files of ANY size...Weiler
H
0

As you have already found out for yourself, it is impossible to do it in PHP, since PHP can only catch errors from line 1 onwards.

The only way around would be to dig in the PHP source code, find where that error is thrown and remove that part from PHP sources before compiling your costume php version.

But be warned that the error message is thrown for a reason.

Hoodoo answered 11/2, 2014 at 18:16 Comment(1)
Well I belive that would help. But it is a WARNING, and over all - all common PHP errors are not worth recompiling PHP... I personally know only one type of error that is worth considering recompiling the whole PHP... and it is not any of the common thrown Errors/Warnings/Notices :)Weiler
B
-3

To Prevent this error to happen you have to check the size of the uploaded files before and in case they're to big you have to cancel the upload!

To just not show them i think it should be enough if you write in your php script

error_reporting(0);
Bratwurst answered 11/2, 2014 at 14:47 Comment(1)
This is both not what the OP asked, and it does not actually work. Startup errors can never be hidden through code (because they are thrown before any code is run).Stendhal
B
-5

1.You can check the file size before uploading in JavaScript but this can be tampered !

2.Check the file size after uploaded and before saving the file.

<?php

$size = filesize($uploaded_file);
if($size > $your_size_limit)
{
    echo "Throw bunch of errors";
}
else
{
    //save it
}
?>

3.Don't try to hide the errors to solve the problem.

Boundless answered 11/2, 2014 at 14:59 Comment(3)
4) You can actually use the web server, those nice shiny things that have been in development for decades and deny retardedly-large requests ever getting to the php side of play.Revisory
It is a warning. Not error (but sorry I made this typo first so I might have confused you). I normally dont do that, but in this case there is no way of preventing it (besides recompiling PHP). So hiding it and solving the problem by yourself seems to be better.Weiler
Its cannot check as you said.Upturn

© 2022 - 2024 — McMap. All rights reserved.