Subject: Re: Dealing with ESAPI in CMS
From: Al Byers
To: user@ofbiz.apache.org
Date: Mon, 23 Feb 2009 21:29:39 -0700

I was being too general. I was not uploading images. I just used createTextContent and it failed because the limit was set too low. I saw how to fix that with maxInputSize and was just asking the question if there were more granular ways to deal with the problem.

-Al

On Mon, Feb 23, 2009 at 5:30 PM, David E Jones wrote:

> Could you be more specific? In other words, which part of the application were you using and what was the error message that you got?
>
> You mentioned a problem uploading images... which baffles me the most because the ESAPI changes are _only_ for String attributes on services. What was the error that you got for that?
>
> More details would be really helpful about the specific issue you're running into. Beyond that as a generality (possibly not related to what you're running into?), I agree that we should leave the default pretty high, and I've just committed a change that does that.
>
> -David
>
> On Feb 23, 2009, at 4:52 PM, Al Byers wrote:
>
>> I guess one of the first places that we will run into ESAPI effects is in content management when we try to store images and the like that are larger than the default "maxInputSize" = 5000 specified in the antisamy-esapi.xml file.
>>
>> What would be the best approach to dealing with this?
>>
>> 1. Just modify the maxInputSize value? I may want to limit files that are uploaded, but not content that is persisted some other way.
>>
>> 2. In that case do I override the createDataText service (which would mean overriding the "createTextContent" service)?
>>
>> Are there any other options I am missing like specifically changing the value of allowHTML (if that were set to "any" there would be no content limits, right?) for a specific service call?
>>
>> Thanks,
>> -Al