This is rather a hardening to avoid potential future security
vulnerabilities. In ParametersInterceptor we do not allow certain
parameter names, and the same should be used for uploading and
any other "user input".

Maybe it would be good to create one common mechanism which can be
shared by any interceptor/action :thinking:

Fri, 7 Feb 2025 at 13:02 Greg Huber <gregh3...@gmail.com> wrote:
>
> What is this actually escaping?  Stuff that can mess with the system?
>
> Not had any uploads bounce so far.
>
> On 05/02/2025 04:20, Kusal Kithul-Godage wrote:
> > I've just tested this with the Confluence Data Center application.
> >
> > The file name filtering is actually causing a user experience regression
> > for us.
> >
> > Previously, we were able to validate the filename manually and display
> > the user an error - "Unsupported characters in file name". Now that
> > the file is discarded immediately, it shows the user an "Upload not
> > found" error which is not accurate.
> >
> > I think the new validation should also add a LocalizedMessage that can
> > be retrieved by MultiPartRequest#getErrors like we have for other
> > validations. What do you think?
> >
> > On Tue, Feb 4, 2025 at 5:59 PM Lukasz Lenart <lukaszlen...@apache.org> wrote:
> >> Hello,
> >>
> >> This is a patch release of Struts 6.x.x which contains only
> >> non-breaking changes. Please take the time and test the bits - any
> >> help is appreciated. Please report any problems you will spot.
> >>
> >> Here are the changes from the previous version:
> >> https://github.com/apache/struts/releases/tag/STRUTS_6_7_2
> >>
> >> Staging Maven repo
> >> https://repository.apache.org/content/groups/staging/
> >>
> >> Standalone artifacts
> >> https://dist.apache.org/repos/dist/dev/struts/6.7.2/
> >>
> >> Release notes
> >> https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.7.2
> >>
> >>
> >> Kind regards
> >> --
> >> Łukasz
> >>
> >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > >> For additional commands, e-mail: dev-h...@struts.apache.org
> >>
> >
