Package enomalism2 :: Module uploadfilter

Module uploadfilter


UploadFilter - File upload functionality.
    2006, James Kassemi - http://www.kepty.com
    2006, Ian Charnas <icc@case.edu> made the following minor changes:

          Immediately return from FieldStorage.__del__ so as not to 
          delete information about transfers when the transfers are over.  
          Instead we leave the deletion up to the controlling app.

          Fixed bug on line 218 (change "upload_limit_filter" to "upload_filter")

          Changed 'transfered' to correctly-spelled 'transferred'

If you allow users to upload files to your site you're definitely going to want
to use the uploadfilter.max_concurrent setting, and set it to less than the
number of threads in your server.thread_pool setting. Without it you'll be
opening your site up to a simple DoS: a number of concurrent file uploads
can use up all of your threads.

As you'll be doing anyway, make sure that the enctype of your form is
multipart/form-data, as that's what we'll be using to determine whether or not
to track a file upload.

Configuration:
    - uploadfilter.max_concurrent
        Set the number of files that can be concurrently uploaded to the site.
        If the number exceeds the number set here, Upload_MaxConcError will be
        raised.

    - uploadfilter.max_size
        Size, in kb, to limit uploaded files to. This checks the size
        declared in the header and, in case that's spoofed, also checks
        while the file is being written to the temporary area. Raises
        Upload_MaxSizeError if the size exceeds this number. This will
        also override cherrypy.max_request_body_size for this area, so you don't
        have to worry about conflicting with that. If this is NOT set then
        you'll be dealing with the max_request_body_size, and we'll do NO
        checks.

    - uploadfilter.timeout
        Time cap. Raises Upload_TimeoutError if the user has been uploading a
        file for longer than the value set here.

    - uploadfilter.explicit
        Tells the system to check whether or not a page allows uploads. Set
        this at a root directory, and then add

            uploadfilter.declared=True

        where a page accepts file uploads. This prevents someone from posting file
        data to other fields, tying up your bandwidth by exploiting the fact that
        CherryPy will upload the file before you can check it.

    - uploadfilter.min_upspeed
        To keep someone from maintaining a connection and tying up a thread by
        uploading at a VERY slow rate, you can set this value (make sure it's
        somewhat low). It will raise Upload_UpSpeedError if the user's average
        upload speed drops below this value. The uploadfilter.timeout filter
        can be used as an alternative, but this might be preferable, depending
        on your situation.
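
An added sketch, not the module's own code, of how the max_size, timeout and min_upspeed checks described above can be enforced on every chunk as the body is written, so that a spoofed Content-Length does not bypass the size limit. `GuardedWriter`, `UploadLimitError`, `simulate`, the grace period and the units for timeout (seconds) and min_upspeed (bytes/sec) are assumptions; the arrival data is constructed.

```python
import io
import time

class UploadLimitError(Exception):
    """Hypothetical stand-in for the module's Upload_* exceptions."""

class GuardedWriter:
    """Hypothetical wrapper that enforces the limits on every chunk written."""
    def __init__(self, dest, max_size_kb, min_upspeed, timeout,
                 grace=2.0, clock=time.monotonic):
        self.dest = dest
        self.max_bytes = max_size_kb * 1024   # max_size is given in kb
        self.min_upspeed = min_upspeed        # assumed unit: bytes/sec
        self.timeout = timeout                # assumed unit: seconds
        self.grace = grace                    # assumed: no speed check this early
        self.clock = clock
        self.started, self.transferred = clock(), 0

    def check_declared(self, content_length):
        # Early rejection only: the header value is client-controlled.
        if content_length is not None and int(content_length) > self.max_bytes:
            raise UploadLimitError("declared size over max_size")

    def write(self, chunk):
        elapsed = self.clock() - self.started
        # Count the bytes actually received, whatever the header claimed.
        if self.transferred + len(chunk) > self.max_bytes:
            raise UploadLimitError("body exceeded max_size while writing")
        if elapsed > self.timeout:
            raise UploadLimitError("upload exceeded timeout")
        self.dest.write(chunk)
        self.transferred += len(chunk)
        # Average rate since the start, so a slow drip cannot hold a thread.
        if elapsed > self.grace and self.transferred / elapsed < self.min_upspeed:
            raise UploadLimitError("average upload speed below min_upspeed")

def simulate(arrivals, declared, max_size_kb=4, min_upspeed=100, timeout=60):
    """Replay constructed (arrival_time, chunk) pairs; return 'ok' or the reason."""
    now = [0.0]
    writer = GuardedWriter(io.BytesIO(), max_size_kb, min_upspeed, timeout,
                           clock=lambda: now[0])
    try:
        writer.check_declared(declared)
        for at, chunk in arrivals:
            now[0] = at
            writer.write(chunk)
    except UploadLimitError as exc:
        return str(exc)
    return "ok"
```

The clock is injected so the limits can be exercised with constructed timestamps instead of real waits.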

Real-time statistics:
    The 'file_transfers' attribute is added to the cherrypy object, and can be
    used to keep track of files being uploaded from a remote host. The format
    is as follows:

    cherrypy.file_transfers[remote_addr][filename] = ProgressFile object

    And the ProgressFile object will maintain these attributes:
        - transferred          byte size of transferred data thus far.
        - speed               bytes/sec
        - remaining           bytes remaining
        - eta                 estimated seconds until arrival

    It's possible to create an AJAX-style interface to show the user the status
    of their file uploads now, so long as you have an available thread to take
    the requests for it...

Classes
  Upload_MaxConcError
  Upload_TimeoutError
  Upload_MaxSizeError
  Upload_UnauthorizedError
  Upload_UpSpeedError
  ProgressFile
  FieldStorage
      We want control over our timing and download status, so we've got to
      override the original.
  UploadFilter
Variables
  current_uploads = 0