tcl-websh-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dav...@dedasys.com (David N. Welton)
Subject Re: File Upload Question
Date Mon, 11 Mar 2002 08:22:26 GMT
Jason Brazile <jason@netcetera.ch> writes:

> While working on recent project, the customer asked me to please
> report which versions of the popular browsers support file upload.

> While investigating this, I ran across the following:

> 	The main technical challenge of handling file uploads is that
> 	it potentially involves sending more data to the CGI script
> 	than the script can hold in main memory. For this reason
> 	CGI.pm creates temporary files in either the /usr/tmp or the
> 	/tmp directory. These temporary files have names like
> 	CGItemp125421, and should be deleted automatically.

> Does websh also do this? And if not, should it?

We use 'readAndDumpBody' from formdata.c, which does indeed grab and
dump chunks to a file, so it looks like we do the right thing in this
case.

File upload stuff is a mess, in my opinion.  It's very difficult to
get right.  PHP's recent security hole was file upload related, for
instance.  If what we have now works, I'm averse to fiddle with it.

-- 
David N. Welton
   Consulting: http://www.dedasys.com/
     Personal: http://www.dedasys.com/davidw/
Free Software: http://www.dedasys.com/freesoftware/
   Apache Tcl: http://tcl.apache.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: websh-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: websh-dev-help@tcl.apache.org


Mime
View raw message