As the Webrick hp seems to be unreachable (from here), a question:
Is there somewhere some example code for handling a file upload via
webrick, meaning a simple form with a (local) file selector, then doing
a POST(?) operation and webrick receives and dumps the file somewhere.
As a must requirement, there must be a way to restrict upload size
(e.g. 100kb) to stop malicious users.
thanks for pointers,
Martin
Hi,
In message 4050cf76$0$29350$3b214f66@aconews.univie.ac.at,
Is there somewhere some example code for handling a file upload via
webrick, meaning a simple form with a (local) file selector, then doing
a POST(?) operation and webrick receives and dumps the file somewhere.
How about the attached sample?
As a must requirement, there must be a way to restrict upload size
(e.g. 100kb) to stop malicious users.
Request body is not read from socket when servlets are
started. If the value of content-length is too large, we can
pass the process of servlets by raising an exception. But
HTTPServer is going to read the body before sending response;-)
Is it better that there is a way to shutdown the socket
without reading request?
···
`Martin Pirker nospam@tugraz.at’ wrote:
–
gotoyuzo
require “webrick”
class PostSampleServlet < WEBrick::HTTPServlet::AbstractServlet
def initialize(server, limit)
@max_content_length = limit
super
end
def do_GET(req, res)
content_length = req[‘content-length’].to_i
if content_length > @max_content_length
raise WEBrick::HTTPStatus::BadRequest, “body is too large”
end
if data = req.query[“data”]
filename = data.filename
end
res.body =<<-end_of_html
filename = #{WEBrick::HTMLUtils.escape(filename.inspect)}
#{WEBrick::HTMLUtils.escape(data)}
_end_of_html_
res["content-type"] = "text/html"
end
def do_POST(req, res)
do_GET(req, res)
end
end
svr = WEBrick::HTTPServer.new(:Port=>10080)
svr.mount(“/”, PostSampleServlet, 100000)
trap(:INT){ svr.shutdown }
svr.start
Is there somewhere some example code for handling a file upload via
webrick, meaning a simple form with a (local) file selector, then doing
a POST(?) operation and webrick receives and dumps the file somewhere.
How about the attached sample?
That’s an informative sample - thanks!
I almost guessed it could be done with such small code, only one has to
know how…
I made a printout of all the webrick code and hopefully find more about
how this thing ticks inside
As a must requirement, there must be a way to restrict upload size
(e.g. 100kb) to stop malicious users.
Request body is not read from socket when servlets are
started. If the value of content-length is too large, we can
pass the process of servlets by raising an exception. But
HTTPServer is going to read the body before sending response;-)
Is it better that there is a way to shutdown the socket
without reading request?
It would be good to stop reading unwanted data, otherwise one with
a fast connection can almost denial of service other slow (modem) users.
Ok, the really evil attacker who fakes the Content-Length header maybe
cannot be stopped, but the “wrong file” uploader shouldn’t affect the
server performance so much.
Martin
···
GOTOU Yuuzou gotoyuzo@notwork.org wrote:
`Martin Pirker nospam@tugraz.at’ wrote: