wp_max_upload_size() is not taking memory limit into account

[hakre]

wp_max_upload_size() is not taking a memory limit into account while checking for the maximum upload size.

according to the official php documentation the memory limit is limiting file uploads as well (and post form operations).

post_max_size - integer

Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize. If memory limit is enabled by your configure script, memory_limit also affects file uploading. Generally speaking, memory_limit should be larger than post_max_size.

​Source

[hakre]

Related: #4240, #6735, #10495, #10830, #13418

[hakre]

It might be better to name the filter upload_memory_limit, so take it as suggestion only - if filtering that is even considered.

[hakre]

Related: #13418

[dd32]

A filter is not needed here, However, the ini_get() may return incorrect information, It may have been upped already by something such as WP_MEMORY_LIMIT.

[hakre]

ini_set(), ini_get() and ini_restore() php example

[hakre]

Replying to dd32:

I ​added a demo script which outputs the following (Fedora 13):

initial value: "128M"
new value: "42M"
old value: "128M"
current value: "42M"
original value: "128M"

So the original value should be taken into account as that's the one that comes into play at times of the upload procedure.

[hakre]

Updated patch reflecting original php.ini memory_limit value and only if memory_limit is active. Containing a filter.

[hakre]

Updated patch reflecting original php.ini memory_limit value and only if memory_limit is active. W/o a filter.

[hakre]

Better compare against -1 for no memory limit.

[hakre]

Replying to dd32:

A filter is not needed here, However, the ini_get() may return incorrect information, It may have been upped already by something such as WP_MEMORY_LIMIT.

I've uploaded some new patches that reflect both concerns, the filter and the original value. This still needs some tests (e.g. what happens if 64 MB are consumed but setting get's restored to 16 MB original value - would that do a fatal error?) but tries to address accessing the original settings value.

[hakre]

Did run some tests now, lowering the memory_limit configuration value while having more memory in use than the set value will not fatal error. Method in patch looks save.

[antpb]

Refreshed patch above. Added syntax to the proper file and updated the deprecated function changed in v2.3

wp_convert_bytes_to_hr

is now

size_format

[wonderboymusic]

5.2.1	Compiling with --enable-memory-limit is no longer required for this function to exist.

[dd32]

In the real world, the memory limit doesn't appear to limit the upload size.

With my memory limits set to 40M I'm able to upload a 100MB file without issue.

PHP's behaviour may have changed in the last few years, but the documentation now reads:

Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize. Generally speaking, memory_limit should be larger than post_max_size.

Since there's been no reports of issues surrounding this, i'm marking this as invalid unless someone can track down where/when it affected PHP.