[
https://issues.apache.org/jira/browse/SLING-6017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449035#comment-15449035
]
Ian Boston commented on SLING-6017:
-----------------------------------
Reported in SLING-5948
{code}
curl -o /dev/null -v -F key1=value1 -F [email protected] -w
%{time_connect}:%{time_starttransfer}:%{time_total}
http://admin:admin@localhost:8080/temp/file4?uploadmode=stream
{code}
Causes key1=value1 to be processed as a file upload since isFormField(part) [1]
returns false due to part.getSubmittedFile() being non null [2].
The JavaDoc [3] indicates that getName() should be used to get the file name of
submitted by the client, and not getFieldName(), although in some examples
getFieldName appears to have been used incorrectly. This may be because
Part.getName() is the Servlet API 3.1 equivalent of FileItem.getFiledName() and
Part.getSubmittedFileName() is the Servlet API 3.1 equivalent of
FileItem.getName(). see [4]
1
https://github.com/apache/sling/blob/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/StreamedUploadOperation.java#L95
2
https://github.com/apache/sling/blob/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/parameters/RequestPartsIterator.java#L148
3
https://commons.apache.org/proper/commons-fileupload/apidocs/org/apache/commons/fileupload/FileItemStream.html
4 https://docs.oracle.com/javaee/7/api/javax/servlet/http/Part.html
> Streaming Uplads detection of request parameters is wrong.
> ----------------------------------------------------------
>
> Key: SLING-6017
> URL: https://issues.apache.org/jira/browse/SLING-6017
> Project: Sling
> Issue Type: Bug
> Components: Engine, Servlets
> Affects Versions: Servlets Post 2.3.12, Engine 2.6.2
> Reporter: Ian Boston
> Assignee: Ian Boston
>
> The way in which a request field that is not a file upload is detected is
> wrong. Reported in SLING-5948.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
