OlivierJaquemet opened a new pull request, #203: URL: https://github.com/apache/commons-fileupload/pull/203
The set FileCountMax limit introduced in 1.5 incorrectly count both simple form fields and files As described in the javadoc, the setFileCountMax is "the maximum number of files allowed per request." Bug : current implementation throws an exception when the number of fields reaches the limit, thus including both file and simple field. Expected behavior : Exception should only be thrown when number of *file* reaches the limit. To prevent DoS in a practical manner, only files should be limited, as number of simple form fields can be very large and should not be limited. Fix : 1. Add unittest in SizesTest to check expected behavior 2. Change implementation in FileUploadBase to count and check only real file items, not simple form field -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
