Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3A001106A4 for ; Mon, 11 Nov 2013 14:26:42 +0000 (UTC) Received: (qmail 71936 invoked by uid 500); 11 Nov 2013 14:26:41 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 71743 invoked by uid 500); 11 Nov 2013 14:26:24 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 71610 invoked by uid 99); 11 Nov 2013 14:26:19 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Nov 2013 14:26:19 +0000 Date: Mon, 11 Nov 2013 14:26:19 +0000 (UTC) From: "Chris Cranford (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (WW-3025) Parameters get lost when file upload over max size allowed MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13818992#comment-13818992 ] Chris Cranford commented on WW-3025: ------------------------------------ I am working on a new multipart parser for Struts2 I am calling JakartaStreamMultiPartRequest. This multi-part parser behaves identical to the existing Jakarta multi-part parser except that it uses the Commons FileUpload Streaming API and rather than delegating maximum request size check to the File Upload API, it's done internally to avoid the existing problem of the Upload API breaking the loop iteration and parameters being lost. I should have it polished and posted as an attachment within the next 24-48 hours. > Parameters get lost when file upload over max size allowed > ---------------------------------------------------------- > > Key: WW-3025 > URL: https://issues.apache.org/jira/browse/WW-3025 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors > Affects Versions: 2.1.6 > Environment: All > Reporter: Tom Nguyen > Fix For: Future > > > When the uploaded file gets rejected because it's content, size, or because of a general problem an Exception is thrown by the MultiPartRequest class. Exceptions are: InvalidContentTypeException, UnknownSizeException, SizeLimitExceededException, and FileUploadException. This can lead to serious problems within the application because the other parameters from the upload form get lost. Happening in a profile page for example means that the user data is lost this can lead to a security Exception. In other case this usually just involves a OGNL-Exception. Meaning your field data like personal file name is lost. Workaround found in http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/, but the the still keep uploading to server, not secured. -- This message was sent by Atlassian JIRA (v6.1#6144)