digitalmars.D.announce - Tutorial: Form upload in vibe.d
- aberba (1/1) Dec 06 2016 https://aberba.github.io/2016/form-upload-in-vibe-d/
- Edwin van Leeuwen (2/3) Dec 07 2016 Thanks for the tutorial! Please keep them coming.
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (12/13) Dec 07 2016 Nice article, I'll add this to the tutorials section [1]. Two additional...
- aberba (2/15) Dec 08 2016 Done! Thanks for the feedback.
- NVolcz (20/21) Dec 08 2016 Love the article! Please keep writing tutorials like this :-D.
Edwin van Leeuwen <edder tkwsping.nl> On Tuesday, 6 December 2016 at 22:28:04 UTC, aberba wrote:https://aberba.github.io/2016/form-upload-in-vibe-d/Thanks for the tutorial! Please keep them coming.
Dec 07 2016
Am 06.12.2016 um 23:28 schrieb aberba:https://aberba.github.io/2016/form-upload-in-vibe-d/Nice article, I'll add this to the tutorials section [1]. Two additional suggestions: - It's probably a good idea to mention that HTTPServerSettings.maxRequestSize is 2 MiB by default and should be increased if larger files are expected - The last snippet with "static this()" (using "shared static this" would be better to avoid issues in multi-threaded applications) doesn't contain the /upload route, but it's probably better to have it either there or later within the text, as it may not be obvious how to register that exactly [1]: https://vibed.org/tutorials
Dec 07 2016
On Thursday, 8 December 2016 at 00:44:19 UTC, Sönke Ludwig wrote:Am 06.12.2016 um 23:28 schrieb aberba:Done! Thanks for the feedback.https://aberba.github.io/2016/form-upload-in-vibe-d/Nice article, I'll add this to the tutorials section [1]. Two additional suggestions: - It's probably a good idea to mention that HTTPServerSettings.maxRequestSize is 2 MiB by default and should be increased if larger files are expected - The last snippet with "static this()" (using "shared static this" would be better to avoid issues in multi-threaded applications) doesn't contain the /upload route, but it's probably better to have it either there or later within the text, as it may not be obvious how to register that exactly [1]: https://vibed.org/tutorials
Dec 08 2016
On Tuesday, 6 December 2016 at 22:28:04 UTC, aberba wrote:https://aberba.github.io/2016/form-upload-in-vibe-d/uLove the article! Please keep writing tutorials like this :-D. Feedback: 1. The upload function is (kind of) vulnerable against path traversal: moveFile(file.tempPath, Path("./public/uploads") ~ file.filename); If a file named "../SomeOtherFile.htm" is uploaded the server will hit this assert: https://github.com/rejectedsoftware/vibe.d/blob/master/core/vibe/core/path.d#L426 Denail of Service attack! When the application is compiled with the release flag the assert will be omitted and the path traversal will work. 2. It would be more beginner friendly if you also described how to add the upload function to the router. 3. Your github link on the left side is broken. Discovered this when I was looking for a zip with the finished code.
Dec 08 2016
On Thursday, 8 December 2016 at 20:48:52 UTC, NVolcz wrote:On Tuesday, 6 December 2016 at 22:28:04 UTC, aberba wrote:Thanks for feedback. Will consider those points raised in thought. Will add more advanced stuff and security as time goes on.[...]Love the article! Please keep writing tutorials like this :-D. Feedback: 1. The upload function is (kind of) vulnerable against path traversal: moveFile(file.tempPath, Path("./public/uploads") ~ file.filename); [...]
Dec 10 2016
On Saturday, 10 December 2016 at 17:39:20 UTC, aberba wrote:On Thursday, 8 December 2016 at 20:48:52 UTC, NVolcz wrote:Please fix the security vulnerability for this tutorial as well in case someone copy pastes the code.On Tuesday, 6 December 2016 at 22:28:04 UTC, aberba wrote:Thanks for feedback. Will consider those points raised in thought. Will add more advanced stuff and security as time goes on.[...]Love the article! Please keep writing tutorials like this :-D. Feedback: 1. The upload function is (kind of) vulnerable against path traversal: moveFile(file.tempPath, Path("./public/uploads") ~ file.filename); [...]
Dec 11 2016