From: SourceForge.net <no...@so...> - 2004-05-06 17:03:38
Feature Requests item #517297, was opened at 2002-02-14 02:32
Message generated for change (Settings changed) made by gellyfish
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=425772&aid=517297&group_id=39625

Category: None
Group: None
>Status: Closed
Priority: 5
Submitted By: Olivier Dragon (dragonoe)
Assigned to: Nobody/Anonymous (nobody)
Summary: Security: block uploads + max posts

Initial Comment:
Do for all scripts. Information below is from the CGI.pm documentation.

$CGI::POST_MAX
    If set to a non-negative integer, this variable puts a ceiling on the
    size of POSTings, in bytes. If CGI.pm detects a POST that is greater
    than the ceiling, it will immediately exit with an error message. This
    value will affect both ordinary POSTs and multipart POSTs, meaning that
    it limits the maximum size of file uploads as well. You should set this
    to a reasonably high value, such as 1 megabyte.

$CGI::DISABLE_UPLOADS
    If set to a non-zero value, this will disable file uploads completely.
    Other fill-out form values will work as usual.

---

1. On a script-by-script basis

Set the variable at the top of the script, right after the "use" statement:

    use CGI qw/:standard/;
    use CGI::Carp 'fatalsToBrowser';
    $CGI::POST_MAX=1024 * 100;  # max 100K posts
    $CGI::DISABLE_UPLOADS = 1;  # no uploads

----------------------------------------------------------------------

Comment By: Jonathan Stowe (gellyfish)
Date: 2002-02-23 09:31

Message:
Logged In: YES
user_id=313586

I've assigned it to you anyway ;-}

----------------------------------------------------------------------

Comment By: Olivier Dragon (dragonoe)
Date: 2002-02-18 15:55

Message:
Logged In: YES
user_id=441695

Just want to record it so all developers know, until we've done it for all the scripts.

----------------------------------------------------------------------

Comment By: Jonathan Stowe (gellyfish)
Date: 2002-02-17 20:15

Message:
Logged In: YES
user_id=313586

I think we are doing this bit by bit

----------------------------------------------------------------------
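
One way to exercise the two settings from the ticket without a web server, as an added example that is not part of the original tracker thread or the project's scripts. check_post() and the sample request bodies are constructed for illustration; the example relies on CGI.pm reporting an oversized POST through cgi_error() with an empty parameter list, as current releases do.

```perl
#!/usr/bin/perl
# Added example: feeds CGI.pm constructed POST bodies; no web server needed.
use strict;
use warnings;
use CGI;

my $LIMIT = 1024 * 100;    # the 100K ceiling quoted in the ticket

# check_post() is a hypothetical helper. It fakes the CGI environment for one
# urlencoded POST and returns (status line, value of the "comment" field).
sub check_post {
    my ($body) = @_;

    # Forget any request parsed earlier in this process. This also puts the
    # limits back to their defaults, so they are set again right after.
    CGI::initialize_globals();
    $CGI::POST_MAX        = $LIMIT;
    $CGI::DISABLE_UPLOADS = 1;

    local @ENV{qw(REQUEST_METHOD CONTENT_TYPE CONTENT_LENGTH)} =
        ('POST', 'application/x-www-form-urlencoded', length $body);
    local *STDIN;
    open STDIN, '<', \$body or die "cannot open in-memory STDIN: $!";

    my $q = CGI->new;

    # A POST over the ceiling leaves the parameter list empty; the reason
    # comes from cgi_error() and can be sent back as the HTTP status.
    if (my $err = $q->cgi_error) {
        return ($err, undef);
    }
    return ('200 OK', scalar $q->param('comment'));
}

# Constructed sample requests: one small, one a few bytes over the limit.
my @samples = (
    [ small    => 'comment=hello' ],
    [ oversize => 'comment=' . ('A' x $LIMIT) ],
);

for my $sample (@samples) {
    my ($name, $body) = @$sample;
    my ($status, $comment) = check_post($body);
    printf "%-8s %6d bytes -> %s\n", $name, length $body, $status;
    print  "         comment = $comment\n" if defined $comment;
}
```

In a real script the status returned for the oversized case would be passed to header(-status => ...) so the client sees the rejection instead of an empty form result.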