struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Brin <ab...@digitalantiquity.org>
Subject Re: Multipart fixes in 2.5.12 and non-file payloads
Date Mon, 17 Jul 2017 12:35:50 GMT
In the automated testing we run on our application there was not one test
that passed that used a browser backend be it Chrome or HtmlUnit without
adjusting the regular expression.

On Mon, Jul 17, 2017 at 5:29 AM, Adam Brin <abrin@digitalantiquity.org>
wrote:

> Hi Lukasz,
>   Yes,
>
> - adam
>
> On Sun, Jul 16, 2017 at 11:03 PM, Lukasz Lenart <lukaszlenart@apache.org>
> wrote:
>
>> I assume that this is the related ticket to this [1], right?
>>
>> [1] https://issues.apache.org/jira/browse/WW-4818
>>
>> 2017-07-14 15:46 GMT+02:00 Adam Brin <abrin@digitalantiquity.org>:
>> > We have a number of API components that include a textBody as part of
>> the
>> > multipart request.  In 2.5.12, these requests are being kicked out
>> (while
>> > in 2.5.10 they were fine.  changing the constant:
>> >
>> >     <constant name="struts.multipart.validationRegex" value="(.*)"/>
>> >
>> > to allow anything (as in the example) seems to fix the issue, but this
>> > seems imprudent.  This is the code that's making the  API call, which
>> seems
>> > harmless enough:
>> >
>> >               // using the
>> > org.apache.http.entity.mime.MultipartEntityBuilder
>> >
>> >         MultipartEntityBuilder builder = MultipartEntityBuilder.create(
>> );
>> >
>> >         builder.addTextBody("record", docXml, ContentType.create(
>> > "application/xml", Consts.UTF_8));
>> >
>> >         builder.addTextBody(ACCOUNT_ID, accountId.toString());
>> >
>> >         HttpPost post = new HttpPost(baseUrl + API_INGEST_UPDATE_FILES);
>> >
>> >         post.setEntity(builder.build());
>> >
>> >         CloseableHttpResponse response = getHttpClient().execute(post);
>> >
>> >
>> > In looking deeper, (with the http requests on trace, we see multipart
>> > boundaries of:
>> >
>> >  Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C*-*
>> > CTbP2fNljGAOVk[\r][\n]
>> >
>> >
>> > It looks like the RFC does include hyphens in the boundaries too:
>> > https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html though I'm less
>> > sure about other characters.  I worry this default regex will likely
>> trip
>> > up lots of uploads silently,
>> > --
>> > _________________________________________________________
>> > Adam Brin
>> > Director of Technology, Digital Antiquity
>> > 480.965.1278
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
> --
> _________________________________________________________
> Adam Brin
> Director of Technology, Digital Antiquity
> 480.965.1278 <(480)%20965-1278>
>



-- 
_________________________________________________________
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message