struts-issues mailing list archives

From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4818) Default Multipart validation regex is invalid
Date Wed, 26 Jul 2017 11:05:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16101543#comment-16101543 ]

Hudson commented on WW-4818:
----------------------------

SUCCESS: Integrated in Jenkins build Struts-master-JDK7 #7 (See [https://builds.apache.org/job/Struts-master-JDK7/7/])
WW-4818 change default Multipart validation regex to comply with RFC1341 (stefaan.dutry: rev 68d52dbe42aebc8e24379ebfaf4f306dd261b91c)
* (edit) core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
WW-4818 added a couple of simple tests for MULTIPART_FORM_DATA_REGEX (stefaan.dutry: rev bbbe2a80356811ff4dbaa99da2417a067eb614cc)
* (edit) core/src/test/java/org/apache/struts2/dispatcher/DispatcherTest.java


> Default Multipart validation regex is invalid
> ---------------------------------------------
>
>                 Key: WW-4818
>                 URL: https://issues.apache.org/jira/browse/WW-4818
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.5.12
>            Reporter: adam brin
>             Fix For: 2.5.13
>
>
> 2.5.12 introduced a regex match for multipart requests.  The default regex used, however, is significantly too strict based on the RFC, as well as common practice.  Specifically, at minimum, it needs to include the *hyphen* and more likely needs to support all of the fields defined by the RFC (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).
> {quote}bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?"{quote}
> In basic testing, we've seen:
> {code} Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]{code} (generated by the Apache HttpClient)
> and
> {code}multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh{code} (generated by Safari)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
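
The following is an added example, not code from the Struts commits referenced in this message. It shows how a Content-Type check built from the `bcharsnospace` set quoted in the issue treats the two boundaries reported there, next to an alphanumeric-only check. `ALNUM_ONLY` is an assumed stand-in for an over-strict pattern (it is not the 2.5.12 regex); the class name, field names and the last three sample values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class MultipartBoundaryCheck {
    // Assumed stand-in for an over-strict default: letters and digits only.
    static final Pattern ALNUM_ONLY = Pattern.compile(
        "multipart/form-data(?:\\s*;\\s*boundary=[0-9a-zA-Z]{1,70})?");

    // bcharsnospace as quoted in the issue, limited to 1..70 characters.
    // The hyphen is escaped so it is a literal, not a range, inside the class.
    static final Pattern RFC1341 = Pattern.compile(
        "multipart/form-data(?:\\s*;\\s*boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?");

    // matches() anchors at both ends, so trailing junk after the boundary
    // fails the check instead of being silently ignored.
    static boolean accepts(Pattern p, String contentType) {
        return contentType != null && p.matcher(contentType).matches();
    }

    public static void main(String[] args) {
        String tooLong = new String(new char[71]).replace('\0', 'a');
        Map<String, String> samples = new LinkedHashMap<>();
        // The first two values are the ones reported in the issue.
        samples.put("Apache HttpClient",
            "multipart/form-data; boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk");
        samples.put("Safari",
            "multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh");
        // Constructed values: characters outside the set, and an over-long boundary.
        samples.put("no boundary", "multipart/form-data");
        samples.put("braces in boundary", "multipart/form-data; boundary=abc{def}");
        samples.put("71 characters", "multipart/form-data; boundary=" + tooLong);

        for (Map.Entry<String, String> e : samples.entrySet()) {
            System.out.printf("%-20s alnum-only=%-5b rfc1341=%b%n",
                e.getKey(),
                accepts(ALNUM_ONLY, e.getValue()),
                accepts(RFC1341, e.getValue()));
        }
    }
}
```

Both boundaries from the issue contain a hyphen, so the alphanumeric-only pattern rejects them while the RFC-derived pattern accepts them; the brace and over-length samples are rejected by both.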
