[checkmk-commits] Check_MK Git: check_mk: FIX Allowing upload of files without loading the whole file into memory

Lars Michelsen lm at mathias-kettner.de
Thu Feb 13 16:20:02 CET 2014


Module: check_mk
Branch: master
Commit: 90469813f9ad22a453b032066584e39f1d0a8053
URL:    http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=90469813f9ad22a453b032066584e39f1d0a8053

Author: Lars Michelsen <lm at mathias-kettner.de>
Date:   Thu Feb 13 16:17:53 2014 +0100

FIX Allowing upload of files without loading the whole file into memory

---

 .werks/668            |    8 ++++++++
 ChangeLog             |    1 +
 web/htdocs/htmllib.py |   15 +++++++++------
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/.werks/668 b/.werks/668
new file mode 100644
index 0000000..0ddd17f
--- /dev/null
+++ b/.werks/668
@@ -0,0 +1,8 @@
+Title: Allowing upload of files without loading the whole file into memory
+Level: 1
+Component: multisite
+Version: 1.2.5i1
+Date: 1392304629
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 5751d00..ceb207d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -217,6 +217,7 @@
     * 0273 FIX: Fixed exceptions when modifying / cloning views...
     * 0274 FIX: Fixed exception when view title or description was missing
     * 0278 FIX: Fixed bookmark icon images for non-english user languages...
+    * 0668 FIX: Allowing upload of files without loading the whole file into memory
 
     WATO:
     * 0308 Multisite can now set rotation view permissions for NagVis...
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index c6985ed..b4802ae 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -1251,14 +1251,13 @@ class html:
         self.load_tree_states()
         self.treestates[tree] = val
 
-    def parse_field_storage(self, fields):
+    def parse_field_storage(self, fields, handle_uploads_as_file_obj = False):
         self.vars     = {}
         self.listvars = {} # for variables with more than one occurrance
         self.uploads  = {}
 
         for field in fields.list:
             varname = field.name
-            value = field.value
 
             # To prevent variours injections, we only allow a defined set
             # of characters to be used in variables
@@ -1267,19 +1266,23 @@ class html:
 
             # put uploaded file infos into separate storage
             if field.filename is not None:
-                self.uploads[varname] = (field.filename, field.type, field.value)
+                if handle_uploads_as_file_obj:
+                    value = field.file
+                else:
+                    value = field.value
+                self.uploads[varname] = (field.filename, field.type, value)
 
             else: # normal variable
                 # Multiple occurrance of a variable? Store in extra list dict
                 if varname in self.vars:
                     if varname in self.listvars:
-                        self.listvars[varname].append(value)
+                        self.listvars[varname].append(field.value)
                     else:
-                        self.listvars[varname] = [ self.vars[varname], value ]
+                        self.listvars[varname] = [ self.vars[varname], field.value ]
                 # In the single-value-store the last occurrance of a variable
                 # has precedence. That makes appending variables to the current
                 # URL simpler.
-                self.vars[varname] = value
+                self.vars[varname] = field.value
 
     def uploaded_file(self, varname, default = None):
         return self.uploads.get(varname, default)



More information about the checkmk-commits mailing list