Thread: [Cppcms-users] Check space left on device before file upload
Brought to you by:
artyom-beilis
Menu
▾
▴
cppcms-users
|
From: Julian P. <ju...@wh...> - 2012-07-10 19:54:13
Attachments:
0xD8407950.asc
|
Hallo, on some of our embedded platforms a problem occurred that seems related to the fact, that libcppcms doesn't seem to check the available space in the location for uploaded files before it accepts an upload from the browser, resulting in incomplete files (libcppcms seems to throw away anything it can't write anymore). Nevertheless, there is no feedback given to our code that something went wrong during upload and our code can't show any specific error to the user because it doesn't know that there had been a problem during upload. In my opinion, libcppcms should do one (or maybe both) of these two things to help application code to display detailed error messages to the user: 1) Check available disk space after client sent Content-Length header, decide whether to accept the request or not 2) Notify the application code, that upload failed because of too less disk space (maybe one could do this via the existing infrastructure of invoking validate() on the upload form field's widget instance and adding another method that would return any occurred errors) Best regards, Julian |
|
From: <ele...@ex...> - 2012-07-11 05:09:34
|
> 1) Check available disk space after client sent Content-Length header, > decide whether to accept the request or not I suppose, the header could be forged, just like content-type. > 2) Notify the application code, that upload failed because of too less > disk space (maybe one could do this via the existing infrastructure of > invoking validate() on the upload form field's widget instance and > adding another method that would return any occurred errors) Please have a look at boost::filesystem::space_info as it should do the trick. Petr |
|
From: Lee E. <lee...@gm...> - 2012-07-11 07:41:50
|
On Wed, Jul 11, 2012 at 8:09 AM, <ele...@ex...> wrote: > > 1) Check available disk space after client sent Content-Length header, > > decide whether to accept the request or not > > I suppose, the header could be forged, just like content-type. > > Even if it was not forged - the multi threaded nature of web apps (and OS for that matter) means that an available space now might not be there while the file uploads. > > 2) Notify the application code, that upload failed because of too less > > disk space (maybe one could do this via the existing infrastructure of > > invoking validate() on the upload form field's widget instance and > > adding another method that would return any occurred errors) > > Please have a look at boost::filesystem::space_info as it should do the > trick. > > boost::filesystem::space_info will not tell you if the upload failed - the solution has to come from inside cppcms. The library needs to give some status for the file upload widget that will say whether the file was uploaded all right or not. The set() member function should give you this indication but it does not set to false if the upload fails to load completely Petr > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > -- -- lee Lee Elenbaas lee...@gm... |
|
From: Artyom B. <art...@ya...> - 2012-07-11 08:17:28
|
See, the code that handles file upload works before the request is handled to application, if the request fails the request would not even be transfered. If you afraid that there is not enough space, in the form you should reflect this in the upload form BEFORE user uploads the file. Also as Lee Elenbaas said, it is not really possible to check if there is enough space as it may be changed during upload progress. What would happen is that request would fail and the "temporary file should be deleted automatically" if it is not please fill a bug report. Artyom Beilis -------------- CppCMS - C++ Web Framework: http://cppcms.com/ CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/ >________________________________ > From: Julian Pietron <ju...@wh...> >To: cpp...@li... >Sent: Tuesday, July 10, 2012 10:36 PM >Subject: [Cppcms-users] Check space left on device before file upload > >Hallo, > >on some of our embedded platforms a problem occurred that seems related >to the fact, that libcppcms doesn't seem to check the available space in >the location for uploaded files before it accepts an upload from the >browser, resulting in incomplete files (libcppcms seems to throw away >anything it can't write anymore). Nevertheless, there is no feedback >given to our code that something went wrong during upload and our code >can't show any specific error to the user because it doesn't know that >there had been a problem during upload. > >In my opinion, libcppcms should do one (or maybe both) of these two >things to help application code to display detailed error messages to >the user: >1) Check available disk space after client sent Content-Length header, >decide whether to accept the request or not >2) Notify the application code, that upload failed because of too less >disk space (maybe one could do this via the existing infrastructure of >invoking validate() on the upload form field's widget instance and >adding another method that would return any occurred errors) > >Best regards, >Julian > >------------------------------------------------------------------------------ >Live Security Virtual Conference >Exclusive live event will cover all the ways today's security and >threat landscape has changed and how IT managers can respond. Discussions >will include endpoint security, mobile security and the latest in malware >threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >_______________________________________________ >Cppcms-users mailing list >Cpp...@li... >https://lists.sourceforge.net/lists/listinfo/cppcms-users > > > |
|
From: Julian P. <ju...@wh...> - 2012-07-11 08:27:07
Attachments:
0xD8407950.asc
|
Am 11.07.2012 09:41, schrieb Lee Elenbaas: > > > On Wed, Jul 11, 2012 at 8:09 AM, <ele...@ex... > <mailto:ele...@ex...>> wrote: > > > 1) Check available disk space after client sent Content-Length > header, > > decide whether to accept the request or not > > I suppose, the header could be forged, just like content-type. > > Even if it was not forged - the multi threaded nature of web apps (and > OS for that matter) means that an available space now might not be > there while the file uploads. Yes, even if in our special case one could be quite sure that space is available even during upload, but I agree that this cannot be generalized. Another possibility would be to just close connection as soon as writing to disk fails, causing a Connection Reset in browser. This would be suboptimal though in my opinion, as the user wouldn't know why upload failed. So here it's best to stay with the current behaviour of silently accepting all data from client. > > > > 2) Notify the application code, that upload failed because of > too less > > disk space (maybe one could do this via the existing > infrastructure of > > invoking validate() on the upload form field's widget instance and > > adding another method that would return any occurred errors) > > Please have a look at boost::filesystem::space_info as it should > do the > trick. > > boost::filesystem::space_info will not tell you if the upload failed - > the solution has to come from inside cppcms. The library needs to give > some status for the file upload widget that will say whether the file > was uploaded all right or not. > The set() member function should give you this indication but it does > not set to false if the upload fails to load completely > > I think validate() should also fail, as a file upload which failed to store parts of the file shouldn't be valid under any circumstances. And it would be useful to have some kind of feedback from libcppcms WHY upload failed, so there'd need to be another member method of file widgets that can return an error code or message. Best regards, Julian |
|
From: Lee E. <lee...@gm...> - 2012-07-11 08:42:31
|
On Wed, Jul 11, 2012 at 11:26 AM, Julian Pietron <ju...@wh...>wrote: > Am 11.07.2012 09:41, schrieb Lee Elenbaas: > > > > On Wed, Jul 11, 2012 at 8:09 AM, <ele...@ex...> wrote: > >> > 1) Check available disk space after client sent Content-Length header, >> > decide whether to accept the request or not >> >> I suppose, the header could be forged, just like content-type. >> >> Even if it was not forged - the multi threaded nature of web apps (and > OS for that matter) means that an available space now might not be there > while the file uploads. > > Yes, even if in our special case one could be quite sure that space is > available even during upload, but I agree that this cannot be generalized. > Another possibility would be to just close connection as soon as writing to > disk fails, causing a Connection Reset in browser. This would be suboptimal > though in my opinion, as the user wouldn't know why upload failed. So here > it's best to stay with the current behaviour of silently accepting all data > from client. > > > > If in your special case you can be sure that the free space is not changing - place it in the limits of the file widget when you prepare the form to the user and be sure to get the an invalid file if they submit too large a file. > > 2) Notify the application code, that upload failed because of too less >> > disk space (maybe one could do this via the existing infrastructure of >> > invoking validate() on the upload form field's widget instance and >> > adding another method that would return any occurred errors) >> >> Please have a look at boost::filesystem::space_info as it should do the >> trick. >> >> boost::filesystem::space_info will not tell you if the upload failed - > the solution has to come from inside cppcms. The library needs to give some > status for the file upload widget that will say whether the file was > uploaded all right or not. > The set() member function should give you this indication but it does not > set to false if the upload fails to load completely > > > I think validate() should also fail, as a file upload which failed to > store parts of the file shouldn't be valid under any circumstances. And it > would be useful to have some kind of feedback from libcppcms WHY upload > failed, so there'd need to be another member method of file widgets that > can return an error code or message. > > Best regards, > Julian > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > > -- -- lee Lee Elenbaas lee...@gm... |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X