Consortium News
Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information


Test Description

This test determines if file uploads are enabled in PHP.

Security Implications

When you allow files to be uploaded to your system you assume a number of risks, files may not be what the appear (executables masquerading as images, php scripts uploaded and moved to a location where they may be run, et-cetera). If your site doesn't actually require file uploads, disabling this will prevent files from being accepted inadvertently.


If users of your application do not need to upload files, turn this feature off.

In php.ini:

; Disable file_uploads for security reasons
file_uploads = 'off'

The setting can also be disabled in apache's httpd.conf file:

# Disable file_uploads for security reasons
php_flag  file_uploads  off

More Information

« Test information index

Get PhpSecInfo