struts-issues mailing list archives

From "adam brin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4818) Default Multipart validation regex is invalid
Date Fri, 14 Jul 2017 17:56:00 GMT
adam brin created WW-4818:
-----------------------------

             Summary: Default Multipart validation regex is invalid
                 Key: WW-4818
                 URL: https://issues.apache.org/jira/browse/WW-4818
             Project: Struts 2
          Issue Type: Bug
    Affects Versions: 2.5.12
            Reporter: adam brin


2.5.12 introduced a regex match for multipart requests.  The default regex used, however,
is significantly too strict based on the RFC, as well as common practice.  Specifically, at
minimum, it needs to include the *hyphen* and more likely needs to support all of the characters
defined by the RFC (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).

{quote}bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/"
/ ":" / "=" / "?"{quote}

In basic testing, we've seen:
{code} Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]{code}
(generated by the Apache HttpClient)
and
{code}multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh{code} (generated
by Safari)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
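
The difference the report describes, as an added example that is not part of the original message and is not Struts code: a Content-Type check built on the RFC 1341 boundary alphabet quoted above, run against the two header values from the report next to an alphanumeric-only rule. The class name, both patterns and the rejected inputs are constructed for illustration; the alphanumeric-only pattern is an assumed stand-in, not the Struts default.

```java
import java.util.regex.Pattern;

public class BoundaryRegexDemo {
    // RFC 1341 bcharsnospace: DIGIT / ALPHA / ' ( ) + _ , - . / : = ?
    static final String NOSPACE = "[0-9A-Za-z'()+_,\\-./:=?]";
    // boundary := 0*69<bchars> bcharsnospace, where bchars adds the space character
    static final String BOUNDARY = "[0-9A-Za-z'()+_,\\-./:=? ]{0,69}" + NOSPACE;

    // Constructed stand-in for an alphanumeric-only rule (assumption, not Struts code).
    static final Pattern ALNUM_ONLY =
        Pattern.compile("multipart/form-data; boundary=[0-9A-Za-z]{1,70}");

    // Full RFC alphabet, still bounded to 1..70 characters. A bare value may not
    // contain spaces; a quoted value may, but must not end in one. MIME token
    // quoting rules for the bare form are not enforced here.
    static final Pattern RFC_ALPHABET = Pattern.compile(
        "multipart/form-data; ?boundary=(?:" + NOSPACE + "{1,70}|\"" + BOUNDARY + "\")");

    static boolean accepts(Pattern p, String contentType) {
        // matches() anchors at both ends, so nothing may trail the boundary.
        return p.matcher(contentType).matches();
    }

    public static void main(String[] args) {
        String tooLong = new String(new char[71]).replace('\0', 'a');
        String[] samples = {
            // The two header values quoted in the report.
            "multipart/form-data; boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk",
            "multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh",
            // Constructed inputs that both rules must keep rejecting.
            "multipart/form-data; boundary=" + tooLong,      // 71 characters
            "multipart/form-data; boundary=abc<script>",     // outside the alphabet
            "multipart/form-data; boundary=\"abc \"",        // quoted, ends in a space
            "multipart/form-data; boundary=",                // empty boundary
        };
        for (String s : samples) {
            System.out.printf("alnum-only=%-5b rfc=%-5b %s%n",
                accepts(ALNUM_ONLY, s), accepts(RFC_ALPHABET, s), s);
        }
    }
}
```

Only the first two lines print `rfc=true`; every sample prints `alnum-only=false`, including the two real client headers.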
