[
https://issues.apache.org/jira/browse/FILEUPLOAD-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12531755
]
Stepan Koltsov commented on FILEUPLOAD-148:
-------------------------------------------
I think this functionality would be useful to all users. Because almost nobody
checks file.getSize() before calling getString(), so almost any site that uses
commons-fileupload can be DOSed by uploading big flie into "text" field.
> FileItemFactory.setMaxStringLength()
> ------------------------------------
>
> Key: FILEUPLOAD-148
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-148
> Project: Commons FileUpload
> Issue Type: New Feature
> Affects Versions: 1.2
> Reporter: Stepan Koltsov
>
> Need method
> FileItemFactory.setMaxStringLength(int limitInBytes)
> When this parameter is set, calling of FileItem.getString() when getSize()
> exceeds limitInBytes should throw Exception. This is required to avoid OOME
> in case of wrongly submitted forms (i. e. when bad guy puts big file into the
> form field "fileDescription").
> Or even better sizeThreshold should be used for this value.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
