I think that > 1MB post data is supported, but the http_request.post_data
  property won't be created if the length > MAX_POST_LEN. Perhaps would just
  store the post data in a file (uh, it already is?) and expose the filename to
  JS scripts? It'd be a lot cleaner than storing the data in a file and then
  reading (or mem-mapping) the file and then copying the contents into a JS
  property.

Allow the JS http_request.post_data property to contain NULs.

open_post_file() will now open the post file (and return the FILE*) even if
  session->req.post_data is NULL, it just won't try to write to the file if the
  post_data is NULL.

mem-map the large post data files using XPMAP_WRITE (read/write) rather than
  XPMAP_READ (read-only) - without this change, this line in read_post_data()
  would cause an exception:
    session->req.post_data[session->req.post_len]=0;
  Now, we seem to have the potential of an off-by-one here (if the length
  mem-mapped is not post_len + 1), but that isn't happening. <shrug>

Fixed a couple of FILE pointer/descriptor leaks if post_to_file() failed.

Changed name of post data file to SBBS_POST.*.*.data (it's not necessarily
html).

So now, uploads > 1MB work, but questions remain:
- wouldn't PUT be a more appropriate method (than POST) for file uploads?
- how can we support post_data > MAX_POST_LEN (now 4MB) in JS?