Mikhail Teterin <[EMAIL PROTECTED]> writes:
> On 14 Jun, David N. Welton wrote:
> > libapreq is a small C library for handling variables and file uploads.
> > I don't actually use it as a library, so that people don't have to
> > download an extra package.
> I'd actually prefer to see the extra package -- so there is no
> replication of code like this :)
Of course, this is better, but untill apreq is common, I'll just
include the 6 files in mod_dtcl. I suppose I could do something
similar in Debian, given that it has a dependency system as well...
But maintaining different versions is more hassle than it's worth,
IMO.
> There is a FreeBSD port of libapreq, it turns out. So I'll let its
> maintainer know about my patches and modify the mod_dtcl port to
> depend on the libapreq port instead of compiling its own... This
> way, the same library can be shared between TCL and Perl users.
Great - at some point in the future, I may want to borrow this work
for the main dtcl tree so that this is the standard behaviour. I
would highly encourage you to at least post your changes to the apreq
list, so you can discuss them directly, instead of passing them
through the apreq maintainer.
> However, apreq, IMO, suffers from the same drawback many upload
> handling APIs do -- the application only gets access to the file
> once it is fully uploaded. This opens the server to DoS attacks and
> others.
There is an upload callback which I added to the code to be able to
upload to Tcl variables. It could probably be exanded to do more...
> For example, if I only expect JPEG files, I can stop the upload of
> something else after the first 512 bytes...
I am going to add an 'upload' command to dtcl, which I will try and
make as flexible as possible.
Thanks,
--
David N. Welton
Free Software: http://people.debian.org/~davidw/
Apache Tcl: http://tcl.apache.org/
Personal: http://www.efn.org/~davidw/
Work: http://www.innominate.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
