tcl-websh-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David N. Welton)
Subject Re: File Upload Question
Date Mon, 11 Mar 2002 08:22:26 GMT
Jason Brazile <> writes:

> While working on recent project, the customer asked me to please
> report which versions of the popular browsers support file upload.

> While investigating this, I ran across the following:

> 	The main technical challenge of handling file uploads is that
> 	it potentially involves sending more data to the CGI script
> 	than the script can hold in main memory. For this reason
> creates temporary files in either the /usr/tmp or the
> 	/tmp directory. These temporary files have names like
> 	CGItemp125421, and should be deleted automatically.

> Does websh also do this? And if not, should it?

We use 'readAndDumpBody' from formdata.c, which does indeed grab and
dump chunks to a file, so it looks like we do the right thing in this

File upload stuff is a mess, in my opinion.  It's very difficult to
get right.  PHP's recent security hole was file upload related, for
instance.  If what we have now works, I'm averse to fiddle with it.

David N. Welton
Free Software:
   Apache Tcl:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message