POST example for webrick?

As the Webrick hp seems to be unreachable (from here), a question:

Is there somewhere some example code for handling a file upload via
webrick, meaning a simple form with a (local) file selector, then doing
a POST(?) operation and webrick receives and dumps the file somewhere.

As a must requirement, there must be a way to restrict upload size
(e.g. 100kb) to stop malicious users.

thanks for pointers,
Martin

Hi,

In message 4050cf76$0$29350$3b214f66@aconews.univie.ac.at,

Is there somewhere some example code for handling a file upload via
webrick, meaning a simple form with a (local) file selector, then doing
a POST(?) operation and webrick receives and dumps the file somewhere.

How about the attached sample?

As a must requirement, there must be a way to restrict upload size
(e.g. 100kb) to stop malicious users.

Request body is not read from socket when servlets are
started. If the value of content-length is too large, we can
pass the process of servlets by raising an exception. But
HTTPServer is going to read the body before sending response;-)

Is it better that there is a way to shutdown the socket
without reading request?

···

`Martin Pirker nospam@tugraz.at’ wrote:


gotoyuzo

require “webrick”

class PostSampleServlet < WEBrick::HTTPServlet::AbstractServlet
def initialize(server, limit)
@max_content_length = limit
super
end

def do_GET(req, res)
content_length = req[‘content-length’].to_i
if content_length > @max_content_length
raise WEBrick::HTTPStatus::BadRequest, “body is too large”
end
if data = req.query[“data”]
filename = data.filename
end
res.body =<<-end_of_html

filename = #{WEBrick::HTMLUtils.escape(filename.inspect)}
#{WEBrick::HTMLUtils.escape(data)}
_end_of_html_ res["content-type"] = "text/html" end

def do_POST(req, res)
do_GET(req, res)
end
end

svr = WEBrick::HTTPServer.new(:Port=>10080)
svr.mount(“/”, PostSampleServlet, 100000)
trap(:INT){ svr.shutdown }
svr.start

Is there somewhere some example code for handling a file upload via
webrick, meaning a simple form with a (local) file selector, then doing
a POST(?) operation and webrick receives and dumps the file somewhere.

How about the attached sample?

That’s an informative sample - thanks!
I almost guessed it could be done with such small code, only one has to
know how…

I made a printout of all the webrick code and hopefully find more about
how this thing ticks inside :slight_smile:

As a must requirement, there must be a way to restrict upload size
(e.g. 100kb) to stop malicious users.

Request body is not read from socket when servlets are
started. If the value of content-length is too large, we can
pass the process of servlets by raising an exception. But
HTTPServer is going to read the body before sending response;-)

Is it better that there is a way to shutdown the socket
without reading request?

It would be good to stop reading unwanted data, otherwise one with
a fast connection can almost denial of service other slow (modem) users.

Ok, the really evil attacker who fakes the Content-Length header maybe
cannot be stopped, but the “wrong file” uploader shouldn’t affect the
server performance so much.

Martin

···

GOTOU Yuuzou gotoyuzo@notwork.org wrote:

`Martin Pirker nospam@tugraz.at’ wrote: