Hey,
Thank you for your hints, Jerry.
Now I gotta answer my own question. It's a less-than-decent solution.
The saver is [ns_conn contentlength] which checks the http header of the http request. Code fraqments for the form action:
################### begin of code
# check security here if needed
set content_length [ns_conn contentlength]
if {$content_length > 1457664} {
# upload is more than 1M, reject
ns_returnredirect "error_page"
return
}
# now that we checked the request is permitted,
# actually parse the data
set_the_usual_form_variables
# do some insert / logic / file handling, blah...
###############end of code
The key is to do the ns_conn before [set_the_usual_form_variables] because [set_the_usual...] calls ns_getform to actually parse the data. I call this a less-than-decent solution because this check the content-length of the whole client request but not the upload file alone. The size of the whole client request consists of other form data and some other stuffs.
For me I am just giving a few hundred kilobytes on top of the upload file size limit to handle the extras.
For a decent solution (check the file size alone) one would want to edit form.tcl/ns_getform in the Aolserver modules.
Thanks again.
Sincerely,
