I'm in need of a 'good' method to limit files uploaded via mod_perl2 (
to photos of gif/jpg/png 100k or less)
How have others approached this? I haven't found much on the subject
(and it took me FOREVER to figure out that i needed to use
Apache::Upload() for mp2!)
With the test code below, i've noticed some interesting things:
1- depending on the browser, if $req{POST_MAX} or the form
MAX_FILE_SIZE is exceeded, nothing can happen. this is a browser
crappiness issue, correct?
1b - if the POST_MAX is exceeded, is it possible to find out that this
happened and act appropriately on it?
2 - i've noticed a type of "image/jpeg" "image/gif" "image/png" for
uploaded file types. can this be relied on to any extent?
Right now, I'm thinking the following validation process - is this too
much, or too little?:
stage 1, accept the file if the 'type' is image/jpeg image/gif
image/png
stage 2, accept the file if the extension is ok (png/jpg/jpeg/gif) and
it matches the filetype
stage 3, (is this needed, or is this previously done to get the type
?) read the beginning of the file to make sure that it is a valid image
I'm also a little unsure of saving the file. Right now, I'm going to
save to disk, but in the future i may want to do this via Danga's
MogileFS
In either situation, there seems to be far too many options on how to
do this!
Can anyone suggest what would be the more appropriate?
a - rename $upload->tempname() to the destination ( is $upload->link a
safe way of doing this? or does upload->link create a new link and
leave the tmpfile?)
b - $upload->slurp($contents); write $contents to a file/object
c - read $upload->fh, $fh_data, $size; write $fh_data to file/object
d - do something with io that i dont understand
So far
--------
handler:
use Apache::Upload(); #required to access upload in mp2
my $r = shift;
my $req = Apache::Request->new( $r , DISABLE_UPLOADS=>0,
POST_MAX=>100000 );
--------
upload page html
<form action="" method="POST" name="pForm" id="pForm"
enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input id="photo" type="file" name="photo" /> <br />
Use a GIF, JPG, or PNG file (maximum size of 100KB)
<input type="submit" name="submit" value="Upload">
--------
upload page perl
my $upload = $this->{'User'}{'ApacheRequest'}->upload("photo");
my $filename = $upload->filename;
my $filehandle = $upload->fh;
my $size = $upload->size;
my $type = $upload->type;
my $info = $upload->info;
DEBUG >0 && print STDERR "\n";
DEBUG >0 && print STDERR "clientside filename -
'$filename'\n"; DEBUG >0 && print STDERR "size - '$size'\n";
DEBUG >0 && print STDERR "spool filehandle - '$filehandle'\n";
DEBUG >0 && print STDERR "type - '$type'\n"; while
(my($hdr_name, $hdr_value) = each %$info)
{
print STDERR "info - '$hdr_name',''\n"; }
- Question: Limiting Filetypes Uploaded Jonathan Vanasco
- Re: Question: Limiting Filetypes Uploaded Dan Wilga
- Re: Question: Limiting Filetypes Uploaded Jonathan Vanasco
- Re: Question: Limiting Filetypes Uploaded Richard F. Rebel
- Re: Question: Limiting Filetypes Uploade... jonathan vanasco
- Re: Question: Limiting Filetypes Up... Richard F. Rebel
- Re: Question: Limiting Filetype... Jonathan Vanasco
- Re: Question: Limiting Filetypes Uploaded Dan Wilga