httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Schaefer <>
Subject Re: Problem use Apache::Upload
Date Fri, 30 Jul 2004 19:46:26 GMT
Markus Wichitill <> writes:

> So is parse() still the recommended way of checking for upload errors?

Yes, if you're really demanding a final status (versus a current one),
and you're not writing a content-handler.

> I've tried body_status(), however that only returns 70008 (APR_TIMEUP?
> huh?)

which means the parser still hasn't seen some of the post data.
This is *not* an error status.

> Ok, I think I got the wrong impression that it's required because small
> parameters after file uploads that are bigger than POST_MAX are cut off,

If the post data exceeds POST_MAX, the parser should enter an error
state and refuse to parse any more data.  Some of the post data
beyond POST_MAX may wind up getting parsed, and more of it does
when you call $req->parse than when you don't.  But that's not by
design, so it's not a behavior you can rely on in an application.  
Someday someone may fix this by ensuring that absolutely nothing 
after POST_MAX ever gets parsed.


> On Win32 however, posting a big upload > POST_MAX and then calling parse() to
> get the status will crash Apache. I can reproduce that by using a 4MB file in
> upload.t, setting POST_MAX=1MB and calling parse() in

parse() in void context is supposed to croak in that case, but it 
shouldn't ever crash the server (as a last resort mod_perl should 
catch the exception, so eg. the tempfiles should still get cleaned up).

Can you please show us, explicitly, what happens?

> Sorry, no test patch since my modifications to upload.t are too ugly
> (a copy of the second foreach loop with a hardcoded filename basically).

For bug reporting this is certainly ok by me.  All we can
reasonably expect is to be able to reproduce the bug. It's 
IMO the committers' responsibility to turn your bug report into
a regression test (although it certainly helps a lot if you're
able to do that yourself).

Joe Schaefer

View raw message