Hi Dave,
Yes, this has been fixed for a few versions now ..

 - Jamie

On 27/Nov/2006 12:42 Dave Isaacs wrote ..


Almost a year ago I posted this question about restricting file upload size.  At the time you admitted to some miniserv.pl limitations and said that you would take care of this. 

Have you?  If yes, great!  If not, any estimates on when this can get in?


Dave I

From: Jamie Cameron <jcameron@webmin.com>
To: webadmin-list@lists.sourceforge.net
Reply-To: webadmin-list@lists.sourceforge.net
Date: Feb 10 2006 - 6:38pm

On 11/Feb/2006 03:19 Dave Isaacs wrote ..
> My experience shows that this does not work.
> I put a 1000000 limit in my call to ReadParseMime then attempted to upload
> a
> 1GB file. Using top, I watched the miniserv.pl process climb to about
> 600MB
> before crashing. ReadParseMime was never called because my module was
> never
> invoked.
> If I look at miniserv.pl, at around line 1740, I see
> $clen = $header{"content-length"};
> if ($method eq "POST" && $clen_read < $clen) {
> # Still some more POST data to read
> while(length($postinput) < $clen) {
> $buf = &read_data($clen - length($postinput));
> if (!length($buf)) {
> &http_error(500, "Failed to read ".
> "POST request");
> }
> $postinput .= $buf;
> }
> }
> This looks an awful lot like reading in the entire file upload. As a test,
> I wrote the length($postinput) value to a log file (right before the call
> to
> read_data) and found that miniserv.pl was looping in an attempt to read
> the
> entire file upload.

Hi Dave,
You are absolutely correct .. Webmin really does the whole posted input into
memory! Sorry, I totally forgot about that..

> Then I stumbled upon the forkcgis configuration setting, which appears
> to
> switch on a alternative method of invoking the webmin modules. This method
> has miniserv.pl forwarding the file upload to the forked process as it
> is
> received. Unfortunately, this does not work either. Now when I upload
> a
> large file, something goes wrong and there is never a response. The log
> messages I put in the miniserv loop shows that about 7500 bytes are read
> in,
> and then everything stops. Although this is better than crashing the
> server, it is still not correct.

I looked into this too, and found that Webmin is currently terminating the
browser connection if the uploaded data is more than the set limit. Unfortunately,
no browsers take kindly to this, and display an error message about the connection
being closed.

In the next release of Webmin, it will handle this better by reading all the data
submitted by the browser, but not actually storing it in memory if the limit is exceeded.
That is not quite ideal, but still better than the current situation.

- Jamie