struts-issues mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Tamás Faragó (JIRA) <j...@apache.org>
Subject	[jira] [Updated] (WW-4958) File upload fails from certain clients
Date	Fri, 07 Sep 2018 03:26:00 GMT
[ https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamás Faragó updated WW-4958: ----------------------------- Description: 2.5.11 added more validation on whether to accept file uploads. Previously there was only a check if the HTTP header contained "multipart/form-data", now there is the following regex in Dispatcher::isMultipartRequest. {quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(;charset=[a-zA-Z\\-0-9]{3,14})?"; {quote} This is too restrictive, apache http client for example adds a white space between the semicolon and "charset" and thus all file uploads are failing unless this regex is overwritten in the config. was: 2.5.11 added more validation on whether to accept file uploads. Previously there was only a check if the HTTP header contained "multipart/form-data", now there is the following regex in isMultiPartRequest(). {quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote} This is too restrictive, apache http client for example adds a white space between the semicolon and "charset" and thus all file uploads are failing unless this regex is overwritten in the config. > File upload fails from certain clients > -------------------------------------- > > Key: WW-4958 > URL: https://issues.apache.org/jira/browse/WW-4958 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter > Affects Versions: 2.5.17 > Reporter: Tamás Faragó > Priority: Major > > 2.5.11 added more validation on whether to accept file uploads. Previously there was only a check if the HTTP header contained "multipart/form-data", now there is the following regex in Dispatcher::isMultipartRequest. > > {quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(;charset=[a-zA-Z\\-0-9]{3,14})?"; > {quote} > This is too restrictive, apache http client for example adds a white space between the semicolon and "charset" and thus all file uploads are failing unless this regex is overwritten in the config. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Mime	Unnamed text/plain (inline, Quoted Printable, 2538 bytes)
	View raw message