Limit Photo Size on Upload
Sivakatirswami
katir at hindu.org
Fri Nov 6 19:09:25 EST 2009
I don't think we can include
<?php
#whatever code
?>
on a *.irev page....
at least not yet.
But bottom line is: you are measuring input data *after* the user hits
"submit"
I may as well just measure the $_POST_RAW value before processing it.
If some deranged person tries to upload a 100MB file, he will just be
waiting forever. I don't think our server will care a whit about it.
Once it's uploaded, the irev page will simply drop I could be sure by
doing a "put empty" into the $_POST_RAW... I suppose there could be a
RAM issue on the web server, but a linux machine, I believe will start
using Virtual memory and nothing bad will happen (I hope)
Perhaps the iRev engine has some hidden "agent" that can return a value
for the amt of data that's been read "so far" before the complete post
is received? If so, we could poll that and terminate, like the PHP thing
does.
skts
Jim Ault wrote:
> You should be able to specify the max file size in the <form> before
> the image is posted.
>
> And this link is a PHP solution that handles several errors and user
> feedback
> -- lots of notes on each line so that you know what is going on
> -- remember the PHP engine is running on the web host
> -- there is a multi-image file upload version at the bottom of this
> page
>
> http://webdeveloper.com/forum/showthread.php?t=101466
>
> Note the line in the html body
>
> <input type="hidden" name="MAX_FILE_SIZE" value="<?php
> echo $max_file_size ?>">
>
> thus a hidden value is sent to the server to limit the number of
> characters it will accept when the server creates the variable and
> loads the image data. The result of trying to upload a very large
> image is that only part of it will be stored in a 'tmp_name' array
> variable in web server RAM,
>
> // now let's move the file to its final location and allocate the new
> filename to it
> @move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
> or error('receiving directory insuffiecient permission',
> $uploadForm);
>
> and the user notified -- the PHP code directs the user to the page
> that outputs the error messages.
>
> // The following function is an error handler which is used
> // to output an HTML error page if the file upload fails
> function error($error, $location, $seconds = 5)
>
> At the top of the web page source is where the value of the PHP
> variable is set by:
>
> // set a max file size for the html upload form
> $max_file_size = 30000; // size in bytes
>
> When you are ready, you can use the download link to get the
> upload.zip or the multifileupload.zip from the author.
>
> I would prefer a PHP solution to a javascript one, but that is my
> preference
>
> Jim Ault
> Las Vegas
>
> On Nov 6, 2009, at 11:46 AM, Sivakatirswami wrote:
>
>> Jim Ault wrote:
>>
>>> One solution is use form validation in the browser before sending.
>>> Here is a link to the Apple developer site showing a javascript
>>> example.
>>> http://developer.apple.com/internet/webcontent/validation.html
>>> Also, try Googling "html form validation" for hundreds of sites with
>>> info.
>>> If a Rev plugin is present, you could use Rev to check the size
>>
>> Though I try to stay away from JS as much as i can, looks very
>> useful. Only thing is: I don't see a function there to check file
>> size, and further research indicates that JS security constraints bar
>> JS from reading the file size and one can only do this with an
>> ActiveX thing in I.E.
>>
>> So, it's back to a server side input data check...or
>>
>> I'll be patient and wait until next week and implement as a revlet
>> and then it will be easy. This will also constrain input from only
>> those who trust us, which is an excellent "screening" that the revlet
>> security provides.
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
More information about the use-livecode
mailing list