commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stepan Koltsov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (FILEUPLOAD-148) FileItemFactory.setMaxStringLength()
Date Tue, 02 Oct 2007 11:23:51 GMT

    [ https://issues.apache.org/jira/browse/FILEUPLOAD-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12531755
] 

Stepan Koltsov commented on FILEUPLOAD-148:
-------------------------------------------

I think this functionality would be useful to all users. Because almost nobody checks file.getSize()
before calling getString(), so almost any site that uses commons-fileupload can be DOSed by
uploading big flie into "text" field.

> FileItemFactory.setMaxStringLength()
> ------------------------------------
>
>                 Key: FILEUPLOAD-148
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-148
>             Project: Commons FileUpload
>          Issue Type: New Feature
>    Affects Versions: 1.2
>            Reporter: Stepan Koltsov
>
> Need method
> FileItemFactory.setMaxStringLength(int limitInBytes)
> When this parameter is set, calling of FileItem.getString() when getSize() exceeds limitInBytes
should throw Exception. This is required to avoid OOME in case of wrongly submitted forms
(i. e. when bad guy puts big file into the form field "fileDescription").
> Or even better sizeThreshold should be used for this value.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message