struts-issues mailing list archives

From "Chris Cranford (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-3025) Parameters get lost when file upload over max size allowed
Date Mon, 11 Nov 2013 14:26:19 GMT

    [ https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13818992#comment-13818992 ]

Chris Cranford commented on WW-3025:
------------------------------------

I am working on a new multipart parser for Struts2 that I am calling JakartaStreamMultiPartRequest.
 

This multi-part parser behaves identically to the existing Jakarta multi-part parser except
that it uses the Commons FileUpload Streaming API and rather than delegating maximum request
size check to the File Upload API, it's done internally to avoid the existing problem of the
Upload API breaking the loop iteration and parameters being lost.

I should have it polished and posted as an attachment within the next 24-48 hours.

> Parameters get lost when file upload over max size allowed
> ----------------------------------------------------------
>
>                 Key: WW-3025
>                 URL: https://issues.apache.org/jira/browse/WW-3025
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.1.6
>         Environment: All
>            Reporter: Tom Nguyen
>             Fix For: Future
>
>
> When the uploaded file gets rejected because of its content, size, or because of a general
> problem, an Exception is thrown by the MultiPartRequest class. Exceptions are: InvalidContentTypeException,
> UnknownSizeException, SizeLimitExceededException, and FileUploadException. This can lead to
> serious problems within the application because the other parameters from the upload form
> get lost. Happening in a profile page, for example, means that the user data is lost; this can
> lead to a security Exception. In other cases this usually just involves an OGNL-Exception, meaning
> your field data like personal file name is lost. Workaround found in http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/,
> but the still keep uploading to server, not secured.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
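
The approach described in the comment above, as an added sketch (not the JakartaStreamMultiPartRequest code or any Struts code): the Commons FileUpload streaming iterator runs with no library-side limit, and the size check is done in the loop so an oversized file becomes a recorded error while the form fields after it are still read. The class name, the per-file limit and the sample request body are constructed for illustration; it assumes commons-fileupload 1.x and commons-io on the classpath.

```java
import java.io.*;
import java.util.*;
import org.apache.commons.fileupload.*;
import org.apache.commons.fileupload.util.Streams;

public class StreamingUploadSketch {
    static final long MAX_FILE_BYTES = 16; // constructed limit, tiny so the sample file exceeds it
    // Parses a multipart body; an oversized file is reported in 'errors' instead of thrown.
    static Map<String, String> parse(RequestContext ctx, List<String> errors)
            throws IOException, FileUploadException {
        Map<String, String> params = new LinkedHashMap<>();
        FileUpload upload = new FileUpload(); // sizeMax stays -1: the library enforces no limit
        FileItemIterator it = upload.getItemIterator(ctx);
        while (it.hasNext()) { // moving on discards whatever is left of the previous part
            FileItemStream item = it.next();
            try (InputStream in = item.openStream()) {
                if (item.isFormField()) {
                    params.put(item.getFieldName(), Streams.asString(in, "UTF-8"));
                } else if (!withinLimit(in)) {
                    errors.add(item.getFieldName() + ": file exceeds " + MAX_FILE_BYTES + " bytes");
                }
            }
        }
        return params;
    }
    // Counts the part's bytes and gives up as soon as the limit is passed (nothing is stored).
    static boolean withinLimit(InputStream in) throws IOException {
        byte[] buf = new byte[8192];
        long total = 0;
        for (int n; (n = in.read(buf)) != -1; ) {
            total += n;
            if (total > MAX_FILE_BYTES) return false;
        }
        return true;
    }
    public static void main(String[] args) throws Exception {
        final String b = "XbOuNdArY"; // constructed request: a 40-byte file part, then a text field
        final byte[] body = ("--" + b + "\r\nContent-Disposition: form-data; name=\"avatar\"; filename=\"a.bin\"\r\n"
            + "Content-Type: application/octet-stream\r\n\r\n0123456789012345678901234567890123456789\r\n"
            + "--" + b + "\r\nContent-Disposition: form-data; name=\"displayName\"\r\n\r\nTom\r\n--" + b + "--\r\n")
            .getBytes("UTF-8");
        RequestContext ctx = new RequestContext() {
            public String getCharacterEncoding() { return "UTF-8"; }
            public String getContentType() { return "multipart/form-data; boundary=" + b; }
            public int getContentLength() { return body.length; }
            public InputStream getInputStream() { return new ByteArrayInputStream(body); }
        };
        List<String> errors = new ArrayList<>();
        System.out.println(parse(ctx, errors) + " " + errors);
    }
}
```

The sample places the file part before the text field on purpose: the field is still collected after the file has been rejected.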
