proper use of $r->read?

on 27.04.2011 17:40:11 by E R

Hi,

What's the proper way to read in the posted content from a request?

Using this Google code search:

http://www.google.com/codesearch?q=lang%3Aperl+%5C%24r-%3Eread.*length&hl=en

I see instances of:

$r->read($line, $r->headers_in->get('Content-length'));

and also loops like:

while ( $r->read( $buffer, $content_length ) ) {
    $content .= $buffer;
}

What's the best/proper way to slurp in all of the POST content?

Thanks,
ER

Re: proper use of $r->read?

on 27.04.2011 19:22:50 by torsten.foertsch

On Wednesday, April 27, 2011 17:40:11 E R wrote:
> What's the proper way to read in the posted content from a request?
>
> Using this Google code search:
>
> http://www.google.com/codesearch?q=lang%3Aperl+%5C%24r-%3Eread.*length&hl=en
>
> I see instances of:
>
> $r->read($line, $r->headers_in->get('Content-length'));
>
> and also loops like:
>
> while ( $r->read( $buffer, $content_length ) ) {
>     $content .= $buffer;
> }
>
> What's the best/proper way to slurp in all of the POST content?

First, there is a bug in $r->read in 2.0.4 that prevents loops like

my $buf='';
1 while $r->read($buf, CHUNK_SIZE, length $buf);

In general I'd recommend reading up to the end of the stream. Apache
knows when it is reached. Relying on the Content-Length input header only
is bad because the request may not contain that field.

Also, think twice before implementing something similar unless you have a
really controlled environment. It is quite simple for an attacker to send
an infinite stream of data.

Torsten Förtsch

--
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net

Re: proper use of $r->read?

on 27.04.2011 21:25:46 by E R

Hi Torsten,

So is this what you are suggesting...

Define $MAX_SIZE to be the largest length of POSTed data you will accept.

For modperl <= 2.0.4 just use a single read and hope for the best:

$r->read($buf, $MAX_SIZE);

For modperl > 2.0.4 ( >= 2.0.5?) using this while-loop works:

my $buf = "";
1 while (length($buf) < $MAX_SIZE) && $r->read($buf, $MAX_SIZE, length($buf));

Thanks,
ER
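
A bounded version of the read loop discussed in this thread, as an added example (not code from either poster or from mod_perl itself): it reads to end of stream without trusting Content-Length, but stops as soon as a size cap is exceeded. The names read_body_capped, CHUNK_SIZE and MockRequest and the 64 KiB cap are assumptions for illustration, and it assumes a mod_perl release where the offset form of $r->read works.

```perl
use strict;
use warnings;
use constant CHUNK_SIZE => 8192;    # hypothetical per-read chunk size

# Read the request body until end of stream, but never buffer more than
# $max + 1 bytes. Returns ($body, 0) on success or (undef, 1) if too large.
sub read_body_capped {
    my ($r, $max) = @_;
    my $buf = '';
    while (1) {
        # Ask for at most one byte past the cap: enough to detect an
        # oversized body without buffering an unbounded stream.
        my $want = $max + 1 - length $buf;
        $want = CHUNK_SIZE if $want > CHUNK_SIZE;
        my $got = $r->read($buf, $want, length $buf);
        last unless $got;                         # 0 means end of stream
        return (undef, 1) if length($buf) > $max; # cap exceeded, stop reading
    }
    return ($buf, 0);
}

# Constructed stand-in for the request object so the example runs outside
# Apache. Its read($buf, $len, $offset) places up to $len bytes at $offset
# and returns the byte count, 0 at end of stream.
package MockRequest;
sub new { my ($class, $data) = @_; return bless { data => $data, pos => 0 }, $class }
sub read {
    my ($self, undef, $len, $off) = @_;
    my $piece = substr $self->{data}, $self->{pos}, $len;
    $self->{pos} += length $piece;
    substr($_[1], $off // 0) = $piece;
    return length $piece;
}

package main;
for my $size (100, 20_000, 70_000) {
    my $r = MockRequest->new('x' x $size);        # constructed sample body
    my ($body, $too_large) = read_body_capped($r, 65_536);
    printf "%6d bytes sent: %s\n", $size,
        $too_large ? 'rejected (over cap)' : 'accepted ' . length($body) . ' bytes';
}
```

Under mod_perl the real request object takes the place of MockRequest, and the too-large case would normally be answered with a 413 response.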