mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Fixed #2613 -- Fixed an easily triggered memory error in file uploads for WSGI.
Thanks Jeong-Min Lee. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
00734bca7e
commit
6a12d767d4
1
AUTHORS
1
AUTHORS
@ -100,6 +100,7 @@ answer newbie questions, and generally made Django that much better:
|
||||
lakin.wecker@gmail.com
|
||||
Stuart Langridge <http://www.kryogenix.org/>
|
||||
Eugene Lazutkin <http://lazutkin.com/blog/>
|
||||
Jeong-Min Lee
|
||||
Christopher Lenz <http://www.cmlenz.net/>
|
||||
limodou
|
||||
Martin Maney <http://www.chipy.org/Martin_Maney>
|
||||
|
@ -4,6 +4,11 @@ from django.dispatch import dispatcher
|
||||
from django.utils import datastructures
|
||||
from django import http
|
||||
from pprint import pformat
|
||||
from shutil import copyfileobj
|
||||
try:
|
||||
from cStringIO import StringIO
|
||||
except ImportError:
|
||||
from StringIO import StringIO
|
||||
|
||||
# See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
|
||||
STATUS_CODE_TEXT = {
|
||||
@ -50,6 +55,21 @@ STATUS_CODE_TEXT = {
|
||||
505: 'HTTP VERSION NOT SUPPORTED',
|
||||
}
|
||||
|
||||
def safe_copyfileobj(fsrc, fdst, length=16*1024, size=0):
|
||||
"""
|
||||
A version of shutil.copyfileobj that will not read more than 'size' bytes.
|
||||
This makes it safe from clients sending more than CONTENT_LENGTH bytes of
|
||||
data in the body.
|
||||
"""
|
||||
if not size:
|
||||
return copyfileobj(fsrc, fdst, length)
|
||||
while size > 0:
|
||||
buf = fsrc.read(min(length, remain))
|
||||
if not buf:
|
||||
break
|
||||
fdst.write(buf)
|
||||
size -= len(buf)
|
||||
|
||||
class WSGIRequest(http.HttpRequest):
|
||||
def __init__(self, environ):
|
||||
self.environ = environ
|
||||
@ -119,7 +139,11 @@ class WSGIRequest(http.HttpRequest):
|
||||
try:
|
||||
return self._raw_post_data
|
||||
except AttributeError:
|
||||
self._raw_post_data = self.environ['wsgi.input'].read(int(self.environ["CONTENT_LENGTH"]))
|
||||
buf = StringIO()
|
||||
content_length = int(self.environ['CONTENT_LENGTH'])
|
||||
safe_copyfileobj(self.environ['wsgi.input'], buf, size=content_length)
|
||||
self._raw_post_data = buf.getvalue()
|
||||
buf.close()
|
||||
return self._raw_post_data
|
||||
|
||||
GET = property(_get_get, _set_get)
|
||||
|
Loading…
Reference in New Issue
Block a user