in reply to file upload, max_post, and cgi-error

I hav'nt been playing around with cgi much lately, but I recall having trouble getting the post_max stuff to work right. I seem to remember that often the cgi script would sometimes actually upload the entire file, no matter the size, before reporting the file exceeded the max size.

So I just resort to using the CONTENT_LENGTH 

my $maxsize = 1024 * 100; #max 100K 
my $upload_dir='uploads';
my $q = new CGI;
print $q->header();

if($ENV{CONTENT_LENGTH} > $maxsize){
 print "file too large - must be less than $maxsize bytes";
 exit;
 }

[download]
I'm not really a human, but I play one on earth. flash japh

Replies are listed 'Best First'.
Re^2: file upload, max_post, and cgi-error
by nponte (Initiate) on Oct 05, 2004 at 17:19 UTC
    I've been able to do that OK. But the problem is CGI must download to a temp file on your server before passing control to your script, exposing you to denial of service attacks. If I can't trap it via cgi_error my server is at risk. The interesting thing about this is that I can still execute code to send myself an email after trying to put out the html msg to the user. It looks like CGI is somehow disconnecting from the process. I've tried reinstantiating CGI after getting the error but still no luck.
[reply]

      Uh, okay, errr... maybe try...?

      #!...perl -T
use strict;
eval {
    # entire script as before but try 'require CGI' instead of 'use'
};
deal_with_problem($@) if $@;
sub deal_with_problem {
    # mail, print feedback page, etc
}

      [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom