Can $_FILES[…]['size'] be forged?

Question

There\'s a well-known caveat about not trusting the MIME type sent via file upload in PHP ($_FILES[...][\'type\']) as this is sent by the HTTP client and could

Answer 1

Nope. I don't believe the $_FILES[]['size'] array can display false information. Maybe those who are concerned by it, may be referring to compression-related scenarios. Wherein the actual file may be compressed, to the point it does not reflect the file's real value.

As far as the size is concerned, the only part not to be trusted is the MAX_FILE_SIZE attribute