Re: CGI.pm POST_MAX not working

hi adjuvant,

..mmh what I'd try too will be setting $CGI::POST_MAX even before CGI::Carp or even in a BEGIN block just after use CGI

you can also try to do the job on your own, like in A serious security problem with CGI.pm 3.01?:

BEGIN # run before anything
{
  my $POST_MAX = -1;
  my $CL = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 
+0;

    if(($POST_MAX > 0) and ($CL > $POST_MAX))
    {
        print "Content-Type: text/plain\n",
              "Status: 413\n\n",
              "413 Request entity too large";
        exit;
    }
}
[download]

Infact this seems very simliar to what happens in the CGI.pm code:

METHOD: {

      # avoid unreasonably large postings
      if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
    #discard the post, unread
    $self->cgi_error("413 Request entity too large");
    last METHOD;
      }
[download]

You can insert temporarly some debug statements here in the module to dump what $content_length is at the moment.

There are no rules, there are no thumbs..
Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.

Comment on Re: CGI.pm POST_MAX not working Select or Download Code

Replies are listed 'Best First'.
Re^2: CGI.pm POST_MAX not working by adjuvant (Novice) on Jan 20, 2018 at 23:07 UTC
Cool. Thank you. Now that poj has pointed out the apparently obvious to me below, I like your begin-block approach as it provides for better error-handling and can give the user with more useful feedback. Thanks for taking the time to reply.	[reply]
Re^2: CGI.pm POST_MAX not working by Anonymous Monk on Jan 20, 2018 at 23:21 UTC
..mmh what I'd try too will be setting $CGI::POST_MAX even before CGI::Carp or even in a BEGIN block just after use CGI No need for any such extra typing , the documentation doesn't lie, and it is as simple as `use CGI; $CGI::POST_MAX=...; ...` and it should works 100% of the time. you can also try to do the job on your own, like in A serious security problem with CGI.pm 3.01?: No no no, that node is ~two decades old. If you're using CGI.pm that old upgrade. Infact this seems very simliar to what happens in the CGI.pm code: You can insert temporarly some debug statements here in the module to dump what $content_length is at the moment. A presumed beginner is supposed to debug CGI.pm? No way. Not funny. No. See also Detecting when a $CGI::POST_MAX limit is exceeded and CGI.pm file upload freaking me out Meh, long and exactly relevant .... shortcut https://metacpan.org/pod/CGI#Retrieving-cgi-errors	[reply] [d/l]