I'm in need of a 'good' method to limit files uploaded via mod_perl2 (to photos of gif/jpg/png, 100k or less).

How have others approached this? I haven't found much on the subject (and it took me FOREVER to figure out that I needed to use Apache::Upload() for mp2!)

With the test code below, I've noticed some interesting things:
1 - depending on the browser, if $req{POST_MAX} or the form MAX_FILE_SIZE is exceeded, nothing can happen. This is a browser crappiness issue, correct?
1b - if the POST_MAX is exceeded, is it possible to find out that this happened and act appropriately on it?
2 - I've noticed a type of "image/jpeg" "image/gif" "image/png" for uploaded file types. Can this be relied on to any extent?


Right now, I'm thinking the following validation process - is this too much, or too little?:
stage 1, accept the file if the 'type' is image/jpeg image/gif image/png
stage 2, accept the file if the extension is ok (png/jpg/jpeg/gif) and it matches the filetype
stage 3, (is this needed, or is this previously done to get the type?) read the beginning of the file to make sure that it is a valid image


I'm also a little unsure of saving the file. Right now, I'm going to save to disk, but in the future I may want to do this via Danga's MogileFS.
In either situation, there seem to be far too many options on how to do this!
Can anyone suggest what would be the more appropriate?
a - rename $upload->tempname() to the destination (is $upload->link a safe way of doing this? or does $upload->link create a new link and leave the tmpfile?)
b - $upload->slurp($contents); write $contents to a file/object
c - read $upload->fh, $fh_data, $size; write $fh_data to file/object
d - do something with io that I don't understand



So far
--------
handler:
use Apache::Request (); # provides Apache::Request->new
use Apache::Upload ();  # required to access upload in mp2
my $r = shift;
my $req = Apache::Request->new( $r, DISABLE_UPLOADS => 0, POST_MAX => 100000 );


--------
upload page html
<form action="" method="POST" name="pForm" id="pForm" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input id="photo" type="file" name="photo" /> <br />
Use a GIF, JPG, or PNG file (maximum size of 100KB)
<input type="submit" name="submit" value="Upload">
</form>


--------
upload page perl
my $upload = $this->{'User'}{'ApacheRequest'}->upload("photo");
my $filename = $upload->filename;
my $filehandle = $upload->fh;
my $size = $upload->size;
my $type = $upload->type;
my $info = $upload->info;
DEBUG >0 && print STDERR "\n";
DEBUG >0 && print STDERR "clientside filename - '$filename'\n";
DEBUG >0 && print STDERR "size - '$size'\n";
DEBUG >0 && print STDERR "spool filehandle - '$filehandle'\n";
DEBUG >0 && print STDERR "type - '$type'\n";
# dump every header that came with the upload part
while (my($hdr_name, $hdr_value) = each %$info)
{
    print STDERR "info - '$hdr_name','$hdr_value'\n";
}


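The three-stage check described in the post, as an added example that is not part of the original message: the claimed type and the filename both come from the client, so the content sniff is the only independent signal and the other two are compared against it. The names `check_upload`, `sniff_type` and the `head` key are hypothetical; in a handler, `head` would be the first bytes read from `$upload->fh`, and the sample uploads are constructed.

```perl
use strict;
use warnings;

use constant MAX_BYTES => 100_000;    # assumed limit, same value as POST_MAX in the post

# Leading "magic" bytes and allowed extensions for each accepted format.
my %FORMAT = (
    'image/gif'  => { magic => qr/\AGIF8[79]a/,               ext => [qw(gif)] },
    'image/jpeg' => { magic => qr/\A\xFF\xD8\xFF/,            ext => [qw(jpg jpeg)] },
    'image/png'  => { magic => qr/\A\x89PNG\x0D\x0A\x1A\x0A/, ext => [qw(png)] },
);

# Detect the type from the file content alone; returns undef if unrecognised.
sub sniff_type {
    my ($head) = @_;
    for my $type (sort keys %FORMAT) {
        return $type if $head =~ $FORMAT{$type}{magic};
    }
    return;
}

# Returns (1, $detected_type) on success or (0, $reason) on rejection.
# Hypothetical argument keys: filename, type, size, head (first bytes of the spool file).
sub check_upload {
    my (%u) = @_;
    return (0, 'empty or over the size limit') if $u{size} < 1 || $u{size} > MAX_BYTES;
    my $detected = sniff_type($u{head})
        or return (0, 'content is not GIF, JPEG or PNG');
    return (0, "claimed type does not match content ($detected)")
        if lc($u{type} // '') ne $detected;
    my ($ext) = lc($u{filename} // '') =~ /\.([a-z0-9]+)\z/;
    return (0, "extension does not match content ($detected)")
        unless defined $ext && grep { $_ eq $ext } @{ $FORMAT{$detected}{ext} };
    return (1, $detected);
}

# Constructed sample uploads (not real traffic).
my @samples = (
    { filename => 'cat.png',  type => 'image/png',  size => 2048,    head => "\x89PNG\x0D\x0A\x1A\x0A\0\0\0\x0DIHDR" },
    { filename => 'cat.jpg',  type => 'image/jpeg', size => 2048,    head => "<?php echo 1; ?>" },
    { filename => 'cat.gif',  type => 'image/png',  size => 2048,    head => "GIF89a\x01\x00" },
    { filename => 'big.jpeg', type => 'image/jpeg', size => 250_000, head => "\xFF\xD8\xFF\xE0" },
);
for my $s (@samples) {
    my ($ok, $msg) = check_upload(%$s);
    printf "%-9s %s: %s\n", $s->{filename}, ($ok ? 'accept' : 'reject'), $msg;
}
```

A matching header only shows that the file starts like an image; fully decoding it with an image library is a stronger check than the magic bytes alone.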