I've been testing the "$CGI::DISABLE_UPLOADS" and "$CGI::POST_MAX" variables and I don't think I've got this feature working as it should. The docs say this:

    "CGI.pm also has some simple built-in protections against denial of
    service attacks, but you must activate them before you can use them.

        <snip>

    $CGI::POST_MAX
        If set to a non-negative integer, this variable puts a ceiling on
        the size of POSTings, in bytes. If CGI.pm detects a POST that is
        greater than the ceiling, it will immediately exit with an error
        message."

It seems to me that my script will not exit until uploading the entire POST has been completed. So, here are my questions about this:

Do I misunderstand the above? (i.e. the script should upload the entire POST before exiting with an error)

Is there something wrong with my test script? (I suspect this must be the case, please see it below)

Or... is there something wrong with CGI.pm? (this seems to be a long shot)

I'd really appreciate any help you all can give me with this.

Kindest Regards,

--
Bill Stephenson


<code>

#!/usr/bin/perl

# deny_upload.cgi

use CGI;
use File::Basename;
use strict;

$CGI::POST_MAX=1024 * 5;  # max 5K posts (1024 * 5 bytes)
$CGI::DISABLE_UPLOADS = 1;  # no uploads

my $Q = new CGI;
my $message;

# trap error with this...
if (!$Q->param('file') && $Q->cgi_error()) {
        $message = $Q->cgi_error();
        &error_trap( "$message");
        }

# or this...
# if ($Q->cgi_error()) {
#       $message = $Q->cgi_error();
#       &error_trap( "$message");
#       }

if (!$Q->param) {
        print $Q->header;
        print qq ~<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
        <html>
        <head>
                <title>Upload Test</title>
        </head>
        <body>
        <form id="upload_logo_form" method="post" action="/cgi-bin/test/deny_upload.cgi" enctype="multipart/form-data">
        <input type="file" name="file" size="30">
        <p><textarea name="text" rows="4" cols="40">put too much text in here</textarea></p>
        <input type="submit" name="upload" value="Upload Stuff">
        </form>
        </body>
        </html>~;
        exit 0;
}

# get on to uploading the file...

if ($Q->param('file')) {
        my $data;
        my $filePath;
        my $file = $Q->param('file');
        
        fileparse_set_fstype("MSDOS");
        $file = basename($file);
        $filePath = "/test/$file";

        open (SAVE,">$filePath") or &error_trap($message= " Error:: $! :: Can Not Upload $file: \n");
        while (read($Q->param('file'),$data,1024)) {print SAVE $data;}
        close SAVE;

        print $Q->header;
        print $Q->start_html(-title => "Uploaded it anyway");
        print "Uploaded it anyway";
        print $Q->end_html;
        exit 0;
        }

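if ($Q->param('text')) {        # the form's textarea is named "text"
        print $Q->header;
        print $Q->start_html(-title => "Lotsa Text");
        # escape the submitted text before echoing it back into the page
        print $Q->escapeHTML(scalar $Q->param('text'));
        print $Q->end_html;
        exit 0;
        }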

sub error_trap  {
        print $Q->header;
        print  $Q->start_html(-title => "MyApp Error Screen");
        print "$message";
        print  $Q->end_html;
        exit 0;
        }

</code>
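
Added example, not part of the post above and not CGI.pm's own code: a way to probe the `$CGI::POST_MAX` ceiling offline by building CGI objects from a constructed request environment and printing what `cgi_error()` and `param()` report for a declared length under and over the ceiling. `probe`, `$CEILING` and the sample requests are names and values made up for this example; `CGI::initialize_globals()` is called only to reset CGI.pm's per-process state between the two simulated requests.

```perl
#!/usr/bin/perl
# Added example (not from the original post): probe $CGI::POST_MAX offline.
use strict;
use warnings;
use CGI;

my $CEILING = 1024 * 5;    # same 5 KB ceiling as deny_upload.cgi

# Build a CGI object from a constructed POST request and report what a
# script would see. probe() and its arguments are hypothetical names.
sub probe {
    my ($declared_length, $body) = @_;

    CGI::initialize_globals();          # forget any request parsed earlier
    $CGI::POST_MAX        = $CEILING;   # set after the reset restores defaults
    $CGI::DISABLE_UPLOADS = 1;

    local %ENV = (
        REQUEST_METHOD => 'POST',
        CONTENT_TYPE   => 'application/x-www-form-urlencoded',
        CONTENT_LENGTH => $declared_length,
    );
    local *STDIN;
    open STDIN, '<', \$body or die "cannot open in-memory STDIN: $!";

    my $q = CGI->new;
    return {
        error => scalar $q->cgi_error,        # undef when the POST was accepted
        text  => scalar $q->param('text'),    # undef when nothing was parsed
    };
}

# Constructed sample requests.
my $small = 'text=hello';
my @cases = (
    [ 'under ceiling', length $small, $small ],
    # Declares 10 KB but deliberately supplies only a short body.
    [ 'over ceiling',  1024 * 10,     $small ],
);

for my $case (@cases) {
    my ($label, $length, $body) = @$case;
    my $seen = probe($length, $body);
    printf "%-14s CONTENT_LENGTH=%-6d cgi_error=%s text=%s\n",
        $label, $length,
        defined $seen->{error} ? "'$seen->{error}'" : 'none',
        defined $seen->{text}  ? "'$seen->{text}'"  : 'none';
}
```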

