Hi, I think the file-upload is one of the areas in cocoon with not enough COP.
The cocoon implementation should allow any cocoon application developer to easily override the default implementation, and to handle the file byte stream, without re-implementing or hacking the multipart parser. Correct me if i'm wrong (i'm sure you will ;), but i don't think it's possible using the current code. I'd like to see cocoon more as an XML web application framework, than a XML publishing framework, and i think it's going that way. Thanks, Amir > -----Original Message----- > From: Bernhard Huber [mailto:[EMAIL PROTECTED]] > Sent: Sunday, October 13, 2002 1:14 AM > To: [EMAIL PROTECTED] > Subject: Re: [VOLUNTEER] Re: DO NOT REPLY [Bug 13541] New: - > SAVE_UPLOAD_FILES_TO_DISK should be configurable > > > hi, > don't know much about the upload internals, just some hints about the > directory handling > > >It seems to me that this is what is needed for > >starters: > >- files should not be uploaded and saved by default > >from any page. that has security hole written all > >over it. > >- when upload of a file is desired, there should be a > >configurable default directory (as there is now) _and_ > >the ability to designate alternative locations either > >in the sitemap, and _maybe_ via runtime/request > >parameters. > > > As a short hint, i remember that servlet-spec is quit > restrictive about > temporary > files there is a servlet config parameter, snippet from the > servlet spec 2.2 > --start-- > It is often useful for Application Developers to have a temporary > working area on the local > filesystem. All servlet containers must provide a private temporary > directory per servlet context and > make it available via the context attribute of > javax.servlet.context.tempdir. The > object associated with the attribute must be of type java.io.File. > --end-- > > Moreover the file should take the servlet session into > account if it is > available, as > more than one user may upload files. > > bye bernhard > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
