perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: File uploads using Apache:;request in mod_perl2
Date Sat, 17 Jan 2004 03:34:24 GMT
Joe Schaefer wrote:
[...]
>>I'm not against adding the perl glue for APR::Brigade::flatten, quite
>>on the opposite I'm all for it. All I was saying is that users don't
>>need to know about the existance of APR::Brigade at all. Not only
>>because it's an unnecessary information to 99.9% of users out there,
>>but also because if tomorrow you decide to change the internal
>>implementation you will be now stuck with dependancy on that flatten
>>call. 
> 
> 
> My viewpoint on brigades has changed over the last year- they're
> so much more flexible than filehandles are. I now see upload->bb()
> as an abstraction of upload->fh(). 

You need the filehandle only if you use the temp file. In which case bbs are 
irrelevant. If you use slurp then there is are no filehandles. I think these 
are orthogonal.

> Since libapreq2 is a pure apr 
> application, I don't think the brigade APIs are ever coming out of 
> apreq2.  Increasing the apr-dependence doesn't seem harmful to me.

Yes, but reread this para. It took you quite time to grok bbs and appreciate 
them. It's good to appreciate and know how they work when you need more 
flexibility, better performance in certain cases and you don't just want to 
have this upload script working.

>>BTW, please remember that if and when you add slurp it should make
>>the slurped data tainted under -T/-t. Thanks Joe.
> 
> 
> +1. Should we mark normal params tainted as well?

CGI.pm uses normal read() to gets its data, which means that all data it 
returns via params is tainted. (but please double check). So I think the 
answer is yes.

I'm not sure whether mp1's and mp2's read return the data tainted. Can someone 
give it a test? I think mp2 doesn't and it should, something to look at.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com


-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html


Mime
View raw message