features/file-upload.xml
fc174e8d6162091550edde46159917ee7e5a2e73
fc174e8d6162091550edde46159917ee7e5a2e73
...
...
@@ -132,6 +132,15 @@
132
132
</para>
133
133
</listitem>
134
134
</varlistentry>
135
+
<varlistentry>
136
+
<term><varname>$_FILES['userfile']['full_path']</varname></term>
137
+
<listitem>
138
+
<para>
139
+
The full path as submitted by the browser. This value does not always contain a real directory structure, and cannot be trusted.
140
+
Available as of PHP 8.1.0.
141
+
</para>
142
+
</listitem>
143
+
</varlistentry>
135
144
</variablelist>
136
145
</para>
137
146
...
...
@@ -362,7 +371,7 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
362
371
<link linkend="ini.max-input-time">max_input_time</link> sets the maximum
363
372
time, in seconds, the script is allowed to receive input; this includes
364
373
file uploads. For large or multiple files, or users on slower connections,
365
-
the default of <literal>60 seconds</literal> may be exceeded.
374
+
the default of <literal>60</literal> seconds may be exceeded.
366
375
</simpara>
367
376
</warning>
368
377
<simpara>
...
...
@@ -386,12 +395,6 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
386
395
sensitive information in other directories.
387
396
</simpara>
388
397
<simpara>
389
-
Please note that the <productname>CERN httpd</productname> seems to strip off everything
390
-
starting at the first whitespace in the content-type mime header
391
-
it gets from the client. As long as this is the case, <productname>CERN httpd</productname>
392
-
will not support the file upload feature.
393
-
</simpara>
394
-
<simpara>
395
398
Due to the large amount of directory listing styles we cannot guarantee
396
399
that files with exotic names (like containing spaces) are handled properly.
397
400
</simpara>
...
...
@@ -462,6 +465,42 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
462
465
try to upload more files in one request than this limit.
463
466
</simpara>
464
467
</warning>
468
+
<para>
469
+
<example>
470
+
<title>Uploading an entire directory</title>
471
+
<simpara>
472
+
In HTML file upload fields, it is possible to upload an entire directory with the <literal>webkitdirectory</literal> attribute.
473
+
This feature is supported in most modern browsers.
474
+
</simpara>
475
+
<simpara>
476
+
With the <literal>full_path</literal> information, it is possible to store the relative paths,
477
+
or reconstruct the same directory in the server.
478
+
</simpara>
479
+
<programlisting role="html">
480
+
<![CDATA[
481
+
<form action="file-upload.php" method="post" enctype="multipart/form-data">
482
+
Send this directory:<br />
483
+
<input name="userfile[]" type="file" webkitdirectory multiple />
484
+
<input type="submit" value="Send files" />
485
+
</form>
486
+
]]>
487
+
</programlisting>
488
+
</example>
489
+
490
+
<warning>
491
+
<simpara>
492
+
The <literal>webkitdirectory</literal> attribute is non-standard and is not on a standards track.
493
+
Do not use it on production sites facing the Web: it will not work for every user.
494
+
There may also be large incompatibilities between implementations and the behavior may change in the future.
495
+
</simpara>
496
+
<simpara>
497
+
PHP only parses the relative path information submitted by the browser/user-agent,
498
+
and passes that information to the <varname>$_FILES</varname> array.
499
+
There is no guarantee that the values in the <literal>full_path</literal> array contains a real directory structure,
500
+
and the PHP application must not trust this information.
501
+
</simpara>
502
+
</warning>
503
+
</para>
465
504
</sect1>
466
505
467
506
<sect1 xml:id="features.file-upload.put-method">
468
507