|
Clodoaldo
clodoaldo.pinto.neto at gmail.com
Fri Feb 2 09:29:25 EST 2007
2007/2/1, Martijn Moeling <martijn at xs4us.nu>: > I think we need to write an imput filter which looks for 'POST' requests > and checks the Content-length from headers_in, at the other hand I found > this: > > 8<----------------------------- > I can understand you wanting to reject a request based on input > content length being larger than a certain amount, but not what > would be gained from modifying the content length. > > As long as you aren't using mod_python.publisher, you could insert > into your handler before you use the FieldStorage class a check of > the req.headers_in["content-length"] field to see if the combined total > of all form parameters in the POST containing the upload was > greater than some amount and reject it on that basis. Not sure if > the req.clength is the same thing as the "content-length" header or > not. > > Without duplicating what FieldStorage does, can't see how you would > be able to reject it based on just the file upload part of a multipart > POST request being larger than a certain size. > > Graham > 8<----------------------------- > > Mb=1025*1024 > if req.headers_in.has_key('content-length'): > if int(req.headers_in["content-length"])>Mb and > req.method=='POST': > req.write('Error Filesize exeeded 1MB') > req.log_error('filesize to big: > '+str(req.headers_in['content-length'])) > form=util.FieldStorage(req,keep_blank_values=True) > return apache.OK > > This works, but the apache.OK terminates the upload with an error > message, Calling the form=Fieldstorage, make the upload finish and > properly send the error message to the browser. > > I have just tested this and it works I tried this in my publisher module upload_fotos.py uploading a 100MB file: if req.headers_in.has_key('content-length'): if int(req.headers_in['content-length'])> 2097152: s = """<html><body>Tamanho maior que 2 MegaBytes</body></html>""" return s It works, but only after the whole file has been uploaded so it is not a solution. I also tried an input filter: <Directory /var/www/html/carroarodo.com> SetHandler mod_python PythonHandler ~/_publisher.py PythonOption mod_python.importer.path "['~/mod']" PythonInputFilter upload_size UPLOADSIZE </Directory> $ cat _publisher.py from mod_python import publisher def handler(req): req.add_output_filter('DEFLATE') req.add_input_filter('UPLOADSIZE') return publisher.handler(req) $ cat upload_size.py from mod_python import apache def inputfilter(filter): filter.req.size_excess = False if filter.req.headers_in.has_key('content-length'): if int(filter.req.headers_in['content-length'])> 5000: #2097152: filter.req.size_excess = True filter.req.log_error('size_excess: %s' % filter.req.size_excess) filter.pass_on() And in my publisher module: if req.method == 'POST': if req.size_excess: s = """<html><body>Tamanho maior que 2 MegaBytes</body></html>""" return s Again it works but only after the whole file was uploaded. I guess it is just not possible to block a large file upload before it is uploaded when using the publisher. Given the very rare lack of response from the core devs I suppose this post is simple stupid because I'm using the publisher and I had better give up and try to not use it for this particular task. Regards, -- Clodoaldo Pinto Neto
|