velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Temple" <ntem...@alivecity.com>
Subject RE: Form upload failure
Date Tue, 02 Jul 2002 17:26:08 GMT
Hi Shawn --

I am aware of a bug in Apache 1.3.24 (and below) having to do with chunked
encodings, however the detals are unclear to me other than it is a "security
risk".  Regardless, the first thing I'd try is upgrading to Apache 1.3.26.

Here's the info: http://httpd.apache.org (scroll down a little to SECURITY
ADVISORY).

Nick

-----Original Message-----
From: velocity-user-return-8050-ntemple=alivecity.com@jakarta.apache.org
[mailto:velocity-user-return-8050-ntemple=alivecity.com@jakarta.apache.o
rg]On Behalf Of Shawn Church
Sent: Tuesday, July 02, 2002 12:17 PM
To: velocity-user@jakarta.apache.org
Subject: Form upload failure


Does anyone know of any limitations or problems with Velocity 1.2 / Apache
1.3.24 / Tomcat 3.3a, relating to multipart/form-data templates containing
<INPUT TYPE=FILE> ?  Specifically in the case where I have this type of
template, whose form action is to invoke a servlet which then does nothing
except return the same template (which made the request) to Velocity, I am
getting this from Apache:

HTTP/1.1 200 OK Date: Tue, 02 Jul 2002 16:48:35 GMT Server: Apache/1.3.24
(Win32) mod_jk/1.1.0 Connection: close Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

This problem occurs if I select a file for upload, or if I do not select
anything but rather just resubmit the form a few times in rapid succession.
If I do not select a file, and submit the form no more often than once per
every couple of seconds, the problem does not occur.

Here is a test template:

<html>
<form action="/ec/servlet/upload" method="post"
enctype="multipart/form-data">
  Which file to upload? <INPUT TYPE=FILE NAME=file1> <BR>
<input type=submit>
</form>
</html>


Here's a snippet of the upload servlet, which is coded to do nothing except
return the same form which made the request:

...
public class upload extends VelocityServlet
{
 public Template handleRequest( HttpServletRequest _req, HttpServletResponse
_res, Context _context)
 {
  String templateName = "upload.vm";

  // return the appropriate template
  try
  {
   return getTemplate(templateName);
    }
    catch (Exception e)
    {

  }

  return null;
 }
...

My environment is Velocity 1.2 / Apache 1.3.24 / Tomcat 3.3a, IE 6.0,
running on Win2k.  If my servlet returns a different template than the one
which made the request, everything is fine.

Shawn



--
To unsubscribe, e-mail:   <mailto:velocity-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:velocity-user-help@jakarta.apache.org>


Mime
View raw message