struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tamás Faragó (JIRA) <j...@apache.org>
Subject [jira] [Updated] (WW-4958) File upload fails from certain clients
Date Fri, 07 Sep 2018 03:25:00 GMT

     [ https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tamás Faragó updated WW-4958:
-----------------------------
    Description: 
2.5.11 added more validation on whether to accept file uploads. Previously there was only
a check if the HTTP header contained "multipart/form-data", now there is the following regex
in isMultiPartRequest().

 
{quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
This is too restrictive, apache http client for example adds a white space between the semicolon
and "charset" and thus all file uploads are failing unless this regex is overwritten in the
config. 

  was:
2.5.11 added more validation on whether to accept file uploads. Previously there was only
a check if the HTTP header contained "multiparty/form-data", now there is the following regex
in isMultiPartRequest().

{{public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(;charset=[a-zA-Z\\-0-9]{3,14})?";}}

This is too restrictive, apache http client for example adds a white space between the semicolon
and "charset" and thus all file uploads are failing unless this regex is overwritten in the
config. 


> File upload fails from certain clients
> --------------------------------------
>
>                 Key: WW-4958
>                 URL: https://issues.apache.org/jira/browse/WW-4958
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Dispatch Filter
>    Affects Versions: 2.5.17
>            Reporter: Tamás Faragó
>            Priority: Major
>
> 2.5.11 added more validation on whether to accept file uploads. Previously there was
only a check if the HTTP header contained "multipart/form-data", now there is the following
regex in isMultiPartRequest().
>  
> {quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(;
boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
> This is too restrictive, apache http client for example adds a white space between the
semicolon and "charset" and thus all file uploads are failing unless this regex is overwritten
in the config. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message