[ https://issues.apache.org/jira/browse/WW-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16101413#comment-16101413
]
ASF GitHub Bot commented on WW-4818:
------------------------------------
Github user lukaszlenart commented on the issue:
https://github.com/apache/struts/pull/151
@sdutry yes, you are :)
http://struts.apache.org/submitting-patches.html#how-to-merge-pull-requests
> Default Multipart validation regex is invalid
> ---------------------------------------------
>
> Key: WW-4818
> URL: https://issues.apache.org/jira/browse/WW-4818
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.12
> Reporter: adam brin
> Fix For: 2.5.13
>
>
> 2.5.12 introduced a regex matches for multipart requests. The default regex used, however
is significantly too strict based on the RFC, as well as common practice. Specifically, at
minimum, it needs to include the *hyphen* and more likely needs to support all of the fields
defined by the RFC (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).
> {quote}bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "."
/ "/" / ":" / "=" / "?"{quote}
> In basic testing, we've seen:
> {code} Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]{code}
(generated by the Apache HttpClient)
> and
> {code}multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh{code} (generated
by Safari)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
|