On Jul 23, 2008, at 6:12 PM, Michael Bayer wrote:
>
> On Jul 23, 2008, at 5:27 PM, Sergey Schetinin wrote:
>
>> Here's a snippet from paste.httpserver
>>
>> try:
>> content_length = int(self.headers.get('Content-
>> Length', '0'))
>> except ValueError:
>> content_length = 0
>> if not hasattr(self.connection, 'get_context'):
>> rfile = LimitedLengthFile(rfile, content_length)
>>
>> This means that if there's no Content-Length request header the
>> request body would not be available anyway (cropped to zero length).
>> If you're using paste.httpserver you can just write middleware to
>> reject requests with Content-Length too big. I'd recommend using
>> WebOb
>> as it would make this task rather trivial (under 10 lines of code I
>> think).
>
> hey.....that would work ! I didn't pick up earlier that
> LimitedLengthFile cuts off at the length given.
>
> This would probably be a good replacement for that given in the Pylons
> recipe (also don't need the cgi.maxlen either...which is not well
> documented).
I've illustrated what I've done for this here:
http://wiki.pylonshq.com/display/pylonscookbook/A+Better+Way+To+Limit+File+Upload+Size
I have a feeling that returning HttpBadRequest might have been the
issue within the "DirectCascade" middleware as well as far as closing
out the client connection, but in any case its better to not have to
hack into existing middleware (or to rely upon cgi.maxlen).
_______________________________________________
Paste-users mailing list
[email protected]
http://webwareforpython.org/cgi-bin/mailman/listinfo/paste-users
