You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Geoffrey Young <gy...@laserlink.net> on 2000/04/27 20:33:35 UTC

RequestNotes and file uploads [was how to rewrite to a POST ]

I was looking at Apache::Request file uploads again.  IIRC, I decided to
prohibit file uploads early on in RequestNotes because at that time
RequestNotes was parsing the request and storing it in a hash and putting
that in pnotes and some suggested that blindly storing files in memory was a
bad idea.  Now, pnotes just holds the Apache::Table object created by
Apache::Request->parms(), though.

I think that creating a third pnotes entry containing Apache::Upload
arrayref works.  I tested it a bit and it seems ok using the $apr->upload
array.  I tried to pass an upload object back and access multiple files
using next(), but I couldn't get it to work (probably because I wasn't
calling something right).

anyway, since I don't ever deal with file uploads in real life, could those
of you who can test the following patch?  Sorry it's so lengthy...

TIA

--Geoff

--- RequestNotes.pm.old Thu Apr 27 13:36:02 2000
+++ RequestNotes.pm     Thu Apr 27 14:48:36 2000
@@ -16,7 +16,7 @@
 use Apache::Request;
 use strict;
 
-$Apache::RequestNotes::VERSION = '0.03';
+$Apache::RequestNotes::VERSION = '0.04';
 
 # set debug level
 #  0 - messages at info or debug log levels
@@ -28,12 +28,13 @@
 # initialize request object and variables
 #---------------------------------------------------------------------
   
-  my $r               = shift;
-  my $log             = $r->server->log;
+  my $r         = shift;
+  my $log       = $r->server->log;
 
-  my $maxsize         = $r->dir_config('MaxPostSize') || 1024;
+  my $maxsize   = $r->dir_config('MaxPostSize') || 1024;
+  my $uploads   = $r->dir_config('DisableUploads') =~ m/Off/i ? 0 : 1;
 
-  my %cookies         = ();         # hash for cookie names and values
+  my %cookies   = ();               # hash for cookie names and values
 
 #---------------------------------------------------------------------
 # do some preliminary stuff...
@@ -47,7 +48,7 @@
 
   # this routine works for either a get or post request
   my $apr = Apache::Request->new($r, POST_MAX => $maxsize,
-                                     DISABLE_UPLOADS => 1);
+                                     DISABLE_UPLOADS => $uploads);
   my $status = $apr->parse;
 
   if ($status) {
@@ -73,6 +74,12 @@
   }
   
 #---------------------------------------------------------------------
+# create an array of all Apache::Upload objects
+#---------------------------------------------------------------------
+
+  my @uploads = $apr->upload;
+
+#---------------------------------------------------------------------
 # grab the cookies
 #---------------------------------------------------------------------
 
@@ -92,6 +99,7 @@
 #---------------------------------------------------------------------
 
   $r->pnotes(INPUT => $input);
+  $r->pnotes(UPLOADS => \@uploads);
   $r->pnotes(COOKIES => \%cookies) if %cookies;
 
 #---------------------------------------------------------------------
@@ -118,8 +126,10 @@
 
     PerlInitHandler Apache::RequestNotes
     PerlSetVar MaxPostSize 1024
+    PerlSetVar DisableUploads On
 
   MaxUploadSize is in bytes and defaults to 1024, thus is optional.
+  DisableUploads defaults to On, and likewise is optional.
 
 =head1 DESCRIPTION
 
@@ -134,11 +144,17 @@
   some Perl*Handler or Registry script:
 
     my $input      = $r->pnotes('INPUT');
+    my $uploads    = $r->pnotes('UPLOADS');
     my $cookies    = $r->pnotes('COOKIES');
    
     # GET and POST data
     my $foo        = $input->get('foo');
  
+    # uploaded files
+    foreach my $upload (@$uploads) {
+      print $upload->name;
+    } 
+
     # cookie data
     my $bar        = $cookies->{'bar'};      # one way
 
@@ -154,7 +170,9 @@
   the names and values of all cookies sent back to your domain and
   path.  $input contains a reference to an Apache::Table object and
   can be accessed via Apache::Table methods.  If a form contains
-  both GET and POST data, both are available via $input.
+  both GET and POST data, both are available via $input. $uploads
+  contains a reference to an array containing all the Apache::Upload
+  objects for the request, which can be used to access uploaded files.
 
   Once the request is past the PerlInit phase, all other phases can
   have access to form input and cookie data without parsing it
@@ -162,10 +180,6 @@
   POST data is required by numerous handlers along the way.
 
 =head1 NOTES
-
-  Apache::RequestNotes does not allow for file uploads. If either a 
-  file upload was attempted, or the POST data exceeds MaxPostSize,
-  rather than return SERVER_ERROR it sets $Apache::RequestNotes::err.
 
   Verbose debugging is enabled by setting the variable
   $Apache::RequestNotes::DEBUG=1 to or greater. To turn off all debug




> -----Original Message-----
> From: Kip Cranford [mailto:kcranford@advance-inc.com]
> Sent: Thursday, April 27, 2000 11:32 AM
> To: Ken Y. Clark
> Cc: modperl@apache.org
> Subject: Re: how to rewrite to a POST 
> 
> 
> On: Thu, 27 Apr 2000 09:06:24 EDT "Ken Y. Clark" wrote:
> 
> >On Wed, 26 Apr 2000, David Hajoglou wrote:
> >
> >> so, is it possible to take a GET request and rewrite the 
> uri into a POST
> >> request and if so how?
> >
> >i'm not sure if that's really necessary.  you could just put 
> the GET args
> >into $r->pnotes, perhaps like so:
> >
> [ snip ]
> 
> This approach works, or you could use something like 
> Apache::RequestNotes.
> However, you still need to deal with file uploads 
> potentially, which I don't
> believe the RequestNotes does.
> 
> In my situation, file uploads are important, as is 
> authentication.  I check
> authentication credentials on every request, and redirect to 
> a login page
> immediately when the check fails.  In this case, posted 
> information (including
> the file upload information) would be lost, which isn't good 
> if the user uploaded
> a big file.  I work around this by doing a simple client-side 
> authentication
> check (I use cookies to hold a username, so just check to see 
> if it exists),
> which launches a sub-window allowing the user to authenticate 
> if their cookie
> has expired.  Not the most elegant, but the best I could come 
> up with right now.  
> 
> I also store all the request information in pnotes like 
> RequestNotes.  However,
> I also store a refrence to the file upload information (if 
> any) along with
> information on where the file contents are located.
> 
> If there are better solutions out there, I'm all ears!
> 
> 
> --kip
>