Bernd Eckenfels created FILEUPLOAD-248:
------------------------------------------
Summary: [DISK] Unsafe file move operation (possibly swallowing
write errors)
Key: FILEUPLOAD-248
URL: https://issues.apache.org/jira/browse/FILEUPLOAD-248
Project: Commons FileUpload
Issue Type: Bug
Affects Versions: 1.4
Environment: Source
Reporter: Bernd Eckenfels
Because of a fix for FILEUPLOAD-246 I noticed that there is a fileRenameOrCopy
function which swallows exceptions on the OutputStream#close() method. This is
unsafe since a lot of filesystem operations can fail in exactly this step.
There is also a Commons IO Utility which does rename or copy, so the whole code
block could be removed.
Problem is here in Line 416:
http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java?revision=1568691&view=markup
Besides using FileUtil.move() another option would be to add a out.close()
before the catch.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
