struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fabio Fucci (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-3025) Parameters get lost when file upload over max size allowed
Date Tue, 26 Jul 2011 09:05:10 GMT

    [ https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13071011#comment-13071011
] 

Fabio Fucci commented on WW-3025:
---------------------------------

Setting the maximum size property in the FileUploadInterceptor as Maurizio suggested

{noformat}
<interceptor-ref name="fileUpload">
<param name="maximumSize">100</param>
</interceptor-ref>
{noformat}

will solve only the simple case of the checking the size of a single uploaded file (even if
you have multiple uploaded files the interceptor checks for the size of every single file).
The only way to limit the total size of uploaded files (the sum of all the files) is to act
on struts.multipart.maxSize property (that is affected from the reported problem).

Am I right?

> Parameters get lost when file upload over max size allowed
> ----------------------------------------------------------
>
>                 Key: WW-3025
>                 URL: https://issues.apache.org/jira/browse/WW-3025
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.1.6
>         Environment: All
>            Reporter: Tom Nguyen
>             Fix For: 2.2.x, 2.3
>
>
> When the uploaded file gets rejected because it's content, size, or because of a general
problem an Exception is thrown by the MultiPartRequest class. Exceptions are: InvalidContentTypeException,
UnknownSizeException, SizeLimitExceededException, and FileUploadException. This can lead to
serious problems within the application because the other parameters from the upload form
get lost. Happening in a profile page for example means that the user data is lost this can
lead to a security Exception. In other case this usually just involves a OGNL-Exception. Meaning
your field data like personal file name is lost. Workaround found in http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/,
but the the still keep uploading to server, not secured.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message