Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

A corrected version of r3805.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 28fad23a3f11bdd4d8e0961344df1c6a5983fc3c 1 parent 12273fa
Malcolm Tredinnick authored September 23, 2006
1  AUTHORS
@@ -100,6 +100,7 @@ answer newbie questions, and generally made Django that much better:
100 100
     lakin.wecker@gmail.com
101 101
     Stuart Langridge <http://www.kryogenix.org/>
102 102
     Eugene Lazutkin <http://lazutkin.com/blog/>
  103
+    Jeong-Min Lee
103 104
     Christopher Lenz <http://www.cmlenz.net/>
104 105
     limodou
105 106
     Martin Maney <http://www.chipy.org/Martin_Maney>
26  django/core/handlers/wsgi.py
@@ -4,6 +4,11 @@
4 4
 from django.utils import datastructures
5 5
 from django import http
6 6
 from pprint import pformat
  7
+from shutil import copyfileobj
  8
+try:
  9
+    from cStringIO import StringIO
  10
+except ImportError:
  11
+    from StringIO import StringIO
7 12
 
8 13
 # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
9 14
 STATUS_CODE_TEXT = {
@@ -50,6 +55,21 @@
50 55
     505: 'HTTP VERSION NOT SUPPORTED',
51 56
 }
52 57
 
  58
+def safe_copyfileobj(fsrc, fdst, length=16*1024, size=0):
  59
+    """
  60
+    A version of shutil.copyfileobj that will not read more than 'size' bytes.
  61
+    This makes it safe from clients sending more than CONTENT_LENGTH bytes of
  62
+    data in the body.
  63
+    """
  64
+    if not size:
  65
+        return copyfileobj(fsrc, fdst, length)
  66
+    while size > 0:
  67
+        buf = fsrc.read(min(length, size))
  68
+        if not buf:
  69
+            break
  70
+        fdst.write(buf)
  71
+        size -= len(buf)
  72
+
53 73
 class WSGIRequest(http.HttpRequest):
54 74
     def __init__(self, environ):
55 75
         self.environ = environ
@@ -119,7 +139,11 @@ def _get_raw_post_data(self):
119 139
         try:
120 140
             return self._raw_post_data
121 141
         except AttributeError:
122  
-            self._raw_post_data = self.environ['wsgi.input'].read(int(self.environ["CONTENT_LENGTH"]))
  142
+            buf = StringIO()
  143
+            content_length = int(self.environ['CONTENT_LENGTH'])
  144
+            safe_copyfileobj(self.environ['wsgi.input'], buf, size=content_length)
  145
+            self._raw_post_data = buf.getvalue()
  146
+            buf.close()
123 147
             return self._raw_post_data
124 148
 
125 149
     GET = property(_get_get, _set_get)

0 notes on commit 28fad23

Please sign in to comment.
Something went wrong with that request. Please try again.