VarImage, Problems with uploaded files.
Good afternoon all, I would like to use the VarImage product as part of a "notice board" project. Different ways data is access demand different sizes for the graphics, and the VarImage product seems to be the right tool for the task...almost. These will be graphics uploaded by the end user via a form, and I've encountered two problems where it seems VarImage ate my Zope server, presumably due to "bad input". 1) A huge JPG (~10MB) was uploaded. The server then died. 2) A bitmap was uploaded instead of a jpg/gif. The server then died. Both scenarios are repeatable, but by no means are my diagnosis skills sophisticated to comment any further on what's going on. So as a preamble to my actual question I'd welcome advice on how to more properly figure out whats going on here. It seems that processing threads are getting sent off into the wild blue yonder and never ever coming back. I figure the only way I can use VarImage for my needs is if I make sure that files are <500k and if they are actually gifs of jpegs. So my *actual* question is: How can I tell if an uploaded file is a gif or a jpg? I know I'll probably need to look at the first 4 bytes for some kind of code, but I don't know what that is (nor exactly how to do it) and am dead certain that someone out there has done this already. Thanks --- Edward J. Pollard University of Lethbridge Web Development
On Wednesday 17 September 2003 04:20 pm, Edward Pollard wrote:
I would like to use the VarImage product as part of a "notice board" project. Different ways data is access demand different sizes for the graphics, and the VarImage product seems to be the right tool for the task...almost. These will be graphics uploaded by the end user via a form, and I've encountered two problems where it seems VarImage ate my Zope server, presumably due to "bad input".
Yep. I designed it for that, but it didn't work 100%. I *think* it's working much better now in version 2.3, which can be found under "downloads" at: http://www.anansispaceworks.com/
1) A huge JPG (~10MB) was uploaded. The server then died. 2) A bitmap was uploaded instead of a jpg/gif. The server then died.
Both scenarios are repeatable, but by no means are my diagnosis skills sophisticated to comment any further on what's going on.
That's okay. I can tell you: you're encountering bugs I fixed between v2.2 and v2.3 -- incorrect reference to the data, and no defenses against data that PIL cannot read. At least, I will be very surprised if that's not it.
I figure the only way I can use VarImage for my needs is if I make sure that files are <500k and if they are actually gifs of jpegs.
Upgrade to 2.3, and VarImage will take care of both problems (actually it won't limit the image filesize, but it should handle large files properly now).
How can I tell if an uploaded file is a gif or a jpg? I know I'll
You check the "content_type" attribute of the object. I'm pretty sure this is available in the ZMI management screen for Images (and therefore for VarImage, too).
probably need to look at the first 4 bytes for some kind of code, but I don't know what that is (nor exactly how to do it) and am dead certain that someone out there has done this already.
Yeah, Zope has: It's in lib/python/OFS/Image.py, class "File". My advice is "don't mess with it", it knows what it's doing. VarImage now heeds this information and only attempts to process image/jpeg, image/gif, or image/png data. Anything else causes it to render an "error message image" instead (It just says "VarImage Error" in a nice yellow-on-red warning style -- I thought about being more specific than that, but it isn't usually that hard to figure out what went wrong), the main thing is that it won't cause Zope to deliver a traceback on the page it was embedded in. I think this is a much nicer failure mode than I had before. It also does this if PIL fails to read the image (which usually means you have a corrupted image file, though I have a collection of PNG files that read just fine in ImageMagick, but kill PIL -- maybe they're "interlaced", which I think PIL says it doesn't support). Hope this helps, Terry -- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com
On Wednesday 17 September 2003 06:34 pm, Terry Hancock wrote:
Yeah, Zope has: It's in lib/python/OFS/Image.py, class "File". My advice is "don't mess with it", it knows what it's doing. VarImage now heeds this information and only attempts to process image/jpeg, image/gif, or image/png data.
As I typed this, I remembered that recently I tried to upload some "Ogg Vorbis" files into my Zope instance, and -- not too surprisingly -- Zope did *not* know what to do with them. Does anybody have any advice on how (best) to alter Zope so that it would recognize such files automatically? I just looked into OFS, and I see the real decision seems to be made in content_types.py (duh), and seems to rely heavily on filename extensions. Which is okay, since I use ".ogg" for these files. What's the smart way to fix this? Can I do it in my Zope instance or from product code, or do I have to actually hack the Zope sources themselves for this kind of change? (Looks like hacking _addtypes in content_types.py might do the trick?). Strategic advice appreciated. Oh, and BTW, this is because I'm thinking about writing a Zope music-player applet plugin, wrapping the GPL Java player you can find at http://www.javazoom.net/applets/jlguiapplet/jlguiapplet.html by "JavaZOOM". Yes, it even uses WinAMP compatible skins. Isn't that cool? Don't you just want a drop-in Zope version, so you can pop it into your pages with <dtml-var song_player>? And have a Folder interface for the playlist, so you just upload the tracks you want? I know I do. 8-) It requires the non-free Java, but it's still pretty cool. I want to use it on my personal page. ;-) Thinking of calling it "Zogger". What do you think? (If somebody's already done one, please tell me -- I did a search, but didn't find any). Cheers, Terry -- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com
If you use CMF, then you have the 'content type registry' where you can have your new type recognized and assigned to a particular object type (very useful for WEBDAV). Note in the content type registry the items are evaluated top-down (like an ACL), so put 'text' somewhere near the bottom. On Wednesday, September 17, 2003, at 08:00 PM, Terry Hancock wrote:
On Wednesday 17 September 2003 06:34 pm, Terry Hancock wrote:
Yeah, Zope has: It's in lib/python/OFS/Image.py, class "File". My advice is "don't mess with it", it knows what it's doing. VarImage now heeds this information and only attempts to process image/jpeg, image/gif, or image/png data.
As I typed this, I remembered that recently I tried to upload some "Ogg Vorbis" files into my Zope instance, and -- not too surprisingly -- Zope did *not* know what to do with them. Does anybody have any advice on how (best) to alter Zope so that it would recognize such files automatically?
I just looked into OFS, and I see the real decision seems to be made in content_types.py (duh), and seems to rely heavily on filename extensions. Which is okay, since I use ".ogg" for these files. What's the smart way to fix this? Can I do it in my Zope instance or from product code, or do I have to actually hack the Zope sources themselves for this kind of change? (Looks like hacking _addtypes in content_types.py might do the trick?).
Strategic advice appreciated.
Oh, and BTW, this is because I'm thinking about writing a Zope music-player applet plugin, wrapping the GPL Java player you can find at http://www.javazoom.net/applets/jlguiapplet/jlguiapplet.html by "JavaZOOM". Yes, it even uses WinAMP compatible skins. Isn't that cool? Don't you just want a drop-in Zope version, so you can pop it into your pages with <dtml-var song_player>? And have a Folder interface for the playlist, so you just upload the tracks you want? I know I do. 8-)
It requires the non-free Java, but it's still pretty cool. I want to use it on my personal page. ;-) Thinking of calling it "Zogger". What do you think? (If somebody's already done one, please tell me -- I did a search, but didn't find any).
Cheers, Terry
-- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Edward Pollard -
Marc Lindahl -
Terry Hancock