Description
Description
If the value for upload_max_filesize is set to a non numeric value in the php.ini then it's not clear how the system is going to behave. For instance set
upload_max_filesize = bogus
in the php.ini file.
ini_get and phpinfo return the bogus string. As far as I can tell there is no limit enforced on uploads in this case but no warnings or errors are reported. This behavior is undocumented.
Other invalid values produce different results
upload_max_filesize = 1zz
Appears to set the limit to 1 byte. In general it appears that trailing input is ignored. This makes it very difficult to interpret the results of ini_get because that will return the value as it exists in the ini file but without knowing the exact rules it's impossible to convert this to the actual limit that PHP will enforce. In turn this makes it difficult to write diagnostic tools to try to detect why uploads are failing and suggest to users how to fix it.
Ideally to the extent that PHP is normalizing the value in the ini file, ini_get should return the normalized value that PHP is using. A completely invalid value should probably not be interpreted as "no limit whatsoever". That seems to invite an unfortunate typo turning into a potential DOS issue.
PHP Version
PHP 8.3.0
Operating System
Windows 10