commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FILEUPLOAD-248) [DISK] Unsafe file move operation (possibly swallowing write errors)
Date Sun, 16 Feb 2014 00:38:19 GMT

    [ https://issues.apache.org/jira/browse/FILEUPLOAD-248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902594#comment-13902594
] 

Sebb commented on FILEUPLOAD-248:
---------------------------------

Agreed it would make more sense to use the method from Commons IO.

> [DISK] Unsafe file move operation (possibly swallowing write errors)
> --------------------------------------------------------------------
>
>                 Key: FILEUPLOAD-248
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-248
>             Project: Commons FileUpload
>          Issue Type: Bug
>    Affects Versions: 1.4
>         Environment: Source
>            Reporter: Bernd Eckenfels
>
> Because of a fix for FILEUPLOAD-246 I noticed that there is a fileRenameOrCopy function
which swallows exceptions on the OutputStream#close() method. This is unsafe since a lot of
filesystem operations can fail in exactly this step.
> There is also a Commons IO Utility which does rename or copy, so the whole code block
could be removed.
> Problem is here in Line 416: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java?revision=1568691&view=markup
> Besides using FileUtil.move() another option would be to add a out.close() before the
catch.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message