diff --git a/features/file-upload.xml b/features/file-upload.xml index 15bedbe3cd..e9a448f0be 100644 --- a/features/file-upload.xml +++ b/features/file-upload.xml @@ -1,5 +1,5 @@ - + Handling file uploads @@ -267,6 +267,11 @@ if (is_uploaded_file($HTTP_POST_FILES['userfile'])) { execution may be exceeded the value. Make sure to set max_execution_time large enough. + + If post_max_size is set too small, large file + cannot be uploaded. Make sure to set + post_max_size large enough. + Not validating which file you operate on may mean that users can access sensitive information in other directories.