Module: check_mk
Branch: master
Commit: 90469813f9ad22a453b032066584e39f1d0a8053
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=90469813f9ad22…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Feb 13 16:17:53 2014 +0100
FIX Allowing upload of files without loading the whole file into memory
---
.werks/668 | 8 ++++++++
ChangeLog | 1 +
web/htdocs/htmllib.py | 15 +++++++++------
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/.werks/668 b/.werks/668
new file mode 100644
index 0000000..0ddd17f
--- /dev/null
+++ b/.werks/668
@@ -0,0 +1,8 @@
+Title: Allowing upload of files without loading the whole file into memory
+Level: 1
+Component: multisite
+Version: 1.2.5i1
+Date: 1392304629
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 5751d00..ceb207d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -217,6 +217,7 @@
* 0273 FIX: Fixed exceptions when modifying / cloning views...
* 0274 FIX: Fixed exception when view title or description was missing
* 0278 FIX: Fixed bookmark icon images for non-english user languages...
+ * 0668 FIX: Allowing upload of files without loading the whole file into memory
WATO:
* 0308 Multisite can now set rotation view permissions for NagVis...
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index c6985ed..b4802ae 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -1251,14 +1251,13 @@ class html:
self.load_tree_states()
self.treestates[tree] = val
- def parse_field_storage(self, fields):
+ def parse_field_storage(self, fields, handle_uploads_as_file_obj = False):
self.vars = {}
self.listvars = {} # for variables with more than one occurrance
self.uploads = {}
for field in fields.list:
varname = field.name
- value = field.value
# To prevent variours injections, we only allow a defined set
# of characters to be used in variables
@@ -1267,19 +1266,23 @@ class html:
# put uploaded file infos into separate storage
if field.filename is not None:
- self.uploads[varname] = (field.filename, field.type, field.value)
+ if handle_uploads_as_file_obj:
+ value = field.file
+ else:
+ value = field.value
+ self.uploads[varname] = (field.filename, field.type, value)
else: # normal variable
# Multiple occurrance of a variable? Store in extra list dict
if varname in self.vars:
if varname in self.listvars:
- self.listvars[varname].append(value)
+ self.listvars[varname].append(field.value)
else:
- self.listvars[varname] = [ self.vars[varname], value ]
+ self.listvars[varname] = [ self.vars[varname], field.value ]
# In the single-value-store the last occurrance of a variable
# has precedence. That makes appending variables to the current
# URL simpler.
- self.vars[varname] = value
+ self.vars[varname] = field.value
def uploaded_file(self, varname, default = None):
return self.uploads.get(varname, default)