struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4958) File upload fails from certain clients
Date Sat, 30 Mar 2019 08:20:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16805711#comment-16805711
] 

ASF GitHub Bot commented on WW-4958:
------------------------------------

lukaszlenart commented on pull request #344: [WW-4958] Uses less restrictive RegEx to check
if it's a multipart request
URL: https://github.com/apache/struts/pull/344
 
 
   Fixes [WW-4958](https://issues.apache.org/jira/browse/WW-4958)
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> File upload fails from certain clients
> --------------------------------------
>
>                 Key: WW-4958
>                 URL: https://issues.apache.org/jira/browse/WW-4958
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Dispatch Filter
>    Affects Versions: 2.5.17
>            Reporter: Tamás Faragó
>            Priority: Major
>             Fix For: 2.5.21, 2.6
>
>
> 2.5.11 added more validation on whether to accept file uploads. Previously there was
only a check if the HTTP header contained "multipart/form-data", now there is the following
regex in Dispatcher::isMultipartRequest.
>  
> {quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(;
boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
>  
> This is too restrictive, apache http client for example adds a white space between the
semicolon and "charset" and thus all file uploads are failing unless this regex is overwritten
in the config. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message