(commons-fileupload) branch master updated: AbstractFileUpload support for partHeaderSizeMax limit (#429)

Tue, 09 Sep 2025 07:38:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git


The following commit(s) were added to refs/heads/master by this push:
     new 3240e921 AbstractFileUpload support for partHeaderSizeMax limit (#429)
3240e921 is described below

commit 3240e921c92659bdb79aa20f7fad86189d0f1460
Author: Ryan J Murphy <ryanm...@gmail.com>
AuthorDate: Tue Sep 9 08:37:51 2025 -0600

    AbstractFileUpload support for partHeaderSizeMax limit (#429)
---
 .../fileupload2/core/AbstractFileUpload.java       | 27 +++++++++++++++++++
 .../core/FileItemInputIteratorImpl.java            |  7 ++++-
 .../commons/fileupload2/core/MultipartInput.java   | 18 ++++++-------
 .../fileupload2/core/AbstractSizesTest.java        | 30 ++++++++++++++++++++++
 4 files changed, 72 insertions(+), 10 deletions(-)

diff --git 
a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractFileUpload.java
 
b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractFileUpload.java
index bef1e29a..90b3ec86 100644
--- 
a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractFileUpload.java
+++ 
b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/AbstractFileUpload.java
@@ -134,6 +134,11 @@ public abstract class AbstractFileUpload<R, I extends 
FileItem<I>, F extends Fil
      */
     private long fileCountMax = -1;
 
+    /**
+     * The maximum permitted size of the headers provided with a single part 
in bytes.
+     */
+    private int partHeaderSizeMax = 
MultipartInput.DEFAULT_PART_HEADER_SIZE_MAX;
+
     /**
      * The content encoding to use when reading part headers.
      */
@@ -347,6 +352,17 @@ public abstract class AbstractFileUpload<R, I extends 
FileItem<I>, F extends Fil
         return headers;
     }
 
+    /**
+     * Gets the per part size limit for headers.
+     *
+     * @return The maximum size of the headers for a single part in bytes.
+     *
+     * @since 2.0.0-M5
+     */
+    public int getPartHeaderSizeMax() {
+        return partHeaderSizeMax;
+    }
+
     /**
      * Gets the progress listener.
      *
@@ -548,6 +564,17 @@ public abstract class AbstractFileUpload<R, I extends 
FileItem<I>, F extends Fil
         this.headerCharset = headerCharset;
     }
 
+    /**
+     * Sets the per part size limit for headers.
+     *
+     * @param partHeaderSizeMax The maximum size of the headers in bytes.
+     *
+     * @since 2.0.0-M5
+     */
+    public void setPartHeaderSizeMax(final int partHeaderSizeMax) {
+        this.partHeaderSizeMax = partHeaderSizeMax;
+    }
+
     /**
      * Sets the progress listener.
      *
diff --git 
a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java
 
b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java
index f35c2fbb..23a60424 100644
--- 
a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java
+++ 
b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/FileItemInputIteratorImpl.java
@@ -290,7 +290,12 @@ class FileItemInputIteratorImpl implements 
FileItemInputIterator {
 
         progressNotifier = new 
MultipartInput.ProgressNotifier(fileUploadBase.getProgressListener(), 
requestSize);
         try {
-            multiPartInput = 
MultipartInput.builder().setInputStream(inputStream).setBoundary(multiPartBoundary).setProgressNotifier(progressNotifier).get();
+            multiPartInput = MultipartInput.builder()
+                .setInputStream(inputStream)
+                .setBoundary(multiPartBoundary)
+                .setProgressNotifier(progressNotifier)
+                .setPartHeaderSizeMax(fileUploadBase.getPartHeaderSizeMax())
+                .get();
         } catch (final IllegalArgumentException e) {
             IOUtils.closeQuietly(inputStream); // avoid possible resource leak
             throw new FileUploadContentTypeException(String.format("The 
boundary specified in the %s header is too long", 
AbstractFileUpload.CONTENT_TYPE), e);
diff --git 
a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java
 
b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java
index 18ff991b..122ecb7b 100644
--- 
a/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java
+++ 
b/commons-fileupload2-core/src/main/java/org/apache/commons/fileupload2/core/MultipartInput.java
@@ -160,15 +160,15 @@ public final class MultipartInput {
             return this;
         }
 
-       /** Sets the per part size limit for headers.
-     * @param partHeaderSizeMax The maximum size of the headers in bytes.
-     * @return This builder.
-     * @since 2.0.0-M4
-     */
-    public Builder setPartHeaderSizeMax(final int partHeaderSizeMax) {
-        this.partHeaderSizeMax = partHeaderSizeMax;
-        return this;
-    }
+        /** Sets the per part size limit for headers.
+         * @param partHeaderSizeMax The maximum size of the headers in bytes.
+         * @return This builder.
+         * @since 2.0.0-M4
+         */
+        public Builder setPartHeaderSizeMax(final int partHeaderSizeMax) {
+            this.partHeaderSizeMax = partHeaderSizeMax;
+            return this;
+        }
 
         /**
              * Sets the progress notifier.
diff --git 
a/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractSizesTest.java
 
b/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractSizesTest.java
index 3f7beed8..208893bc 100644
--- 
a/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractSizesTest.java
+++ 
b/commons-fileupload2-core/src/test/java/org/apache/commons/fileupload2/core/AbstractSizesTest.java
@@ -39,6 +39,36 @@ import org.junit.jupiter.api.Test;
 public abstract class AbstractSizesTest<AFU extends AbstractFileUpload<R, I, 
F>, R, I extends FileItem<I>, F extends FileItemFactory<I>>
         extends AbstractTest<AFU, R, I, F> {
 
+    /**
+     * Checks whether limiting the PartHeaderSizeMax works.
+     *
+     * @throws IOException Test failure.
+     */
+    @Test
+    void testFilePartHeaderSizeMax() throws IOException {
+        final String request = "-----1234\r\n" +
+            "Content-Disposition: form-data; name=\"file\"; 
filename=\"foo.tab\"\r\n" +
+            "Content-Type: text/whatever\r\n" +
+            "Content-Length: 10\r\n" +
+            "\r\n" +
+            "This is the content of the file\n" +
+            "\r\n" +
+            "-----1234--\r\n";
+
+        final var upload = newFileUpload();
+        upload.setPartHeaderSizeMax(200);
+        final var req = newMockHttpServletRequest(request, null, null);
+        final var fileItems = upload.parseRequest(req);
+        assertEquals(1, fileItems.size());
+        final var item = fileItems.get(0);
+        assertEquals("This is the content of the file\n", new 
String(item.get()));
+
+        var upload2 = newFileUpload();
+        upload2.setPartHeaderSizeMax(10);
+        var req2 = newMockHttpServletRequest(request, null, null);
+        assertThrows(FileUploadSizeException.class, () -> 
upload2.parseRequest(req2));
+    }
+
     /**
      * Checks, whether limiting the file size works.
      *

Reply via email to