tomcat-users mailing list archives

From Builder Lynx Demo <builderlynxd...@gmail.com>
Subject multipart/form-data request with 2 files with the same name - possible bug
Date Mon, 13 Jul 2020 17:33:13 GMT
Hi,

I'm using Tomcat 8.5.15 on Linux (CentOS 7).

Imagine the following scenario:

I have a web page with a form with a structure like:
<form  method="POST" action="..." enctype="multipart/form-data">
  <input type="file" name="file1">
  <input type="file" name="file2">
  ...
</form>

The user selects two different files.  However, both files have the same 
name (they reside in different directories on the user's computer).  So 
the form is like:
  <input type="file" name="file1" value="somefile.jpg">  // This file came from /home/user/pics1/somefile.jpg
  <input type="file" name="file2" value="somefile.jpg">  // This file came from /home/user/pics2/somefile.jpg
Although both these files have the same name, they have different 
contents (different images).

The user then submits the form.

My Tomcat is configured to accept multipart/form-data posts.  Here is 
the relevant portion in the WEB-INF/web.xml:
     <multipart-config>
       <max-file-size>505242880</max-file-size>
       <max-request-size>505242880</max-request-size>
       <file-size-threshold>5000</file-size-threshold>
       <location>/home/pics</location>
     </multipart-config>

Assuming both the files are larger than 5000 bytes, then both should be 
saved in the /home/pics directory.
However (and this is the issue) given that they have the same name, then 
one file over-writes the second file.  The result is that the "value" of 
one of the input parameters is essentially lost.  Or to put it another 
way, in the /home/pics directory, only a single file version of 
"somefile.jpg" is saved, and one is lost (over-written).

I have reviewed the relevant RFC:
https://www.ietf.org/rfc/rfc2388.txt
However it is essentially silent on this particular issue.  The issue 
being: how to handle multiple parts with the same name.

One possible solution is to ask the user to rename the files to be 
unique before uploading.  That would be a workaround for desktop/laptop 
users.  However we actually discovered this issue on iOS devices...  
When Safari or Chrome on iOS use the form, then the form shows a 
"Browse" button.  That button allows the user to take a picture with the 
device camera.  The file name of the image is always "image.jpg".  Both 
form fields have the same file name value, just "image.jpg".  This then 
causes the problem.  There is no reasonable way to rename the files on 
iOS devices that are captured from the camera.  On Android devices, as a 
point of comparison, each camera image is saved with a unique file name, 
and that is what the browser processes.

My desired solution would be to have the multipart processor work to be 
able to handle this scenario.  I think the best solution would be to 
rename the file when duplicates are found in the request.  Or something 
similar.

I did a bunch of searching on the mailing list to see if this has come 
up before.  I didn't find anything. Apologies if it is a solved issue 
somehow and I just didn't find it.

Thank you for your help with this.
Alex.
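
Added example, not part of the original message and not Tomcat's own code: a servlet that stores each uploaded part under a server-generated name, so two parts that both arrive as "image.jpg" cannot collide and the client-supplied name never reaches the file system. It assumes the application writes the parts itself; UniqueUploadServlet, safeToken and extensionOf are hypothetical names, and /home/pics is reused from the <location> in the post.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

// Hypothetical servlet, declared in WEB-INF/web.xml together with the <multipart-config> above.
public class UniqueUploadServlet extends HttpServlet {
    // Assumed destination directory (the <location> value from the post).
    private static final Path UPLOAD_DIR = Paths.get("/home/pics");

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        for (Part part : req.getParts()) {
            String submitted = part.getSubmittedFileName();
            if (submitted == null || submitted.isEmpty()) {
                continue; // ordinary form field, or a file input left empty
            }
            // Stored name = sanitized field name + random UUID + allow-listed extension.
            String stored = safeToken(part.getName()) + "-" + UUID.randomUUID()
                    + extensionOf(submitted);
            try (InputStream in = part.getInputStream()) {
                // No REPLACE_EXISTING: an existing file raises FileAlreadyExistsException.
                Files.copy(in, UPLOAD_DIR.resolve(stored));
            }
            resp.getWriter().println(part.getName() + " -> " + stored);
        }
    }

    // Reduce the field name to [A-Za-z0-9_] so it cannot contribute path segments.
    static String safeToken(String s) {
        return s.replaceAll("[^A-Za-z0-9_]", "_");
    }

    // Reuse only the extension of the client name, and only from a fixed list.
    static String extensionOf(String submitted) {
        String lower = submitted.toLowerCase(Locale.ROOT);
        for (String ext : new String[] {".jpg", ".jpeg", ".png"}) {
            if (lower.endsWith(ext)) return ext;
        }
        return ".bin";
    }
}
```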


