diff --git a/features/file-upload.xml b/features/file-upload.xml index 3348703ed9..c0edb4a941 100644 --- a/features/file-upload.xml +++ b/features/file-upload.xml @@ -1,5 +1,5 @@ - + Handling file uploads @@ -65,8 +65,7 @@ The MAX_FILE_SIZE hidden field (measured in bytes) must - precede the file input field, and its value is the maximum filesize accepted. - This is an advisory to the browser, PHP also checks it. + precede the file input field, and its value is the maximum filesize accepted by PHP. Fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. The PHP settings for maximum-size, however, cannot be fooled.