PHP file uploads being "hijacked" by partial uploads

Question

I have a site that is receiving 30-40k photo uploads a day and I've been seeing an issue pop up with more frequency now. This issue is this:

Our upload script receives (via $_FILES['name']['tmp_name']) a file (photo) that was NOT uploaded by the user & the majority of the time the file received is a "partial" upload.

Of course at first I thought it was my PHP code making a simple mistake and I've spent days looking over it to make sure, but after placing checks in the code I've found that the file received via a HTTP POST upload to PHP is actually the wrong file. So the issue is happening before it reaches my code. The tmp file (phpxxxx) received by the script is sometimes incorrect, as if it was somehow being overwritten by another process and its usually overwritten by a file that was partially uploaded.

Has anyone every seen an issue like this? Any help is greatly appreciated. I'm turning to this as a last resort after days of searching/asking other PHP devs

So to recap:

• User uploads a photo
• PHP script receives a file that was not uploaded by the user (pre code, via $_FILES in /var/tmp)
• Usually the incorrect file received is a partial upload or a broken upload
• It seems to happen randomly and not all the time

Answer 1

First off, check you PHP version.

Second, check your file upload limits and POST_MAX_SIZE in php.ini

It might just be that someone tries to upload a file that's too large :-)