ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Al Byers <bye...@automationgroups.com>
Subject Re: Dealing with ESAPI in CMS
Date Tue, 24 Feb 2009 04:29:39 GMT
I was being too general. I was not uploading images. I just used
createTextContent and it failed because the limit was set too low. I saw how
to fix that with maxInputSize and was just asking the question if there were
more granular ways to deal with the problem.

-Al

On Mon, Feb 23, 2009 at 5:30 PM, David E Jones
<david.jones@hotwaxmedia.com>wrote:

>
> Could you be more specific? In other words, which part of the application
> were you using and what was the error message that you got?
>
> You mentioned a problem uploading images... which baffles me the most
> because the ESAPI changes are _only_ for String attributes on services. What
> was the error that you got for that?
>
> More details would be really helpful about the specific issue you're
> running into. Beyond that as a generality (possibly not related to what
> you're running into?), I agree that we should leave the default pretty high,
> and I've just committed a change that does that.
>
> -David
>
>
>
> On Feb 23, 2009, at 4:52 PM, Al Byers wrote:
>
>  I guess one of the first places that we will run into ESAPI affects is in
>> content management when we try to store images and the like that are
>> larger
>> than the default "maxInputSize" = 5000 specified in the antisamy-esapi.xml
>> file.
>>
>> What would be the best approach to dealing with this?
>>
>> 1. Just modify the maxInputSize value? I may want to limit files that are
>> uploaded, but not content that is persisted some other way.
>>
>> 2. In that case do I override the createDataText service (which would mean
>> overriding the "createTextContent" service)?
>>
>> Are there any other options I am missing like specifically changing the
>> value of allowHTML (if that were set to "any" there would be no content
>> limits, right?) for a specific service call?
>>
>> Thanks,
>> -Al
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message