[Zope] How to stop users uploading large images
Rik Hoekstra
rik.hoekstra@inghist.nl
Tue, 25 Apr 2000 13:14:04 +0200
Steve Alexander wrote:
>
> Hi Folks,
>
> I want to allow ordinary, low-privalidged but non-anonymous users of my
> site to upload small images.
>
> I can use PIL to scale images that are slightly too large. However, I
> want to stop users abusing the system by uploading 100MB images to see
> if it will crash the system.
Well, you can't prevent them from trying to upload the image."A 100 Mb
image by itself could get you in trouble by itself (and them as well)
;-(
>
> What is the best way of doing this?
What about a test for the length of the uploaded file? So instead of
calling the upload method of the Image class directly, make the form
with which the users upload the file first call an intermediate dtml
method, that tests for the length of the uploaded file and only if it's
under a certain length pass it on to the upload method. Something like
this (lightly tested)
<dtml-call "REQUEST.set('f', file.read())">
<dtml-if "_.len(f) > 10000">
This image is too large!
<dtml-else>
<call Image constructor here>
</dtml-if>
>
> Can I modify the _read_data() method of lib/python/OFS/Image.py to read
> some kind of maximum-size attribute, and abort uploads that exceed that
> size?
>
> Alternatively, perhaps this is something I don't need to worry about.
> Maybe the ZODB has a graceful failure mode on extra-large uploads.
>
But what (in general) is extra large?
Rik