[
https://issues.apache.org/jira/browse/FILEUPLOAD-248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bernd Eckenfels resolved FILEUPLOAD-248.
----------------------------------------
Resolution: Fixed
Fix Version/s: 1.4
Assignee: Bernd Eckenfels
[FILEUPLOAD-248] DiskFileItem might suppress critical IOExceptions on rename -
use FileUtil.move instead.
Also: close input stream silently to make delete more probable. Remove unneeded
BufferedInputStream indirection for readFully().
http://svn.apache.org/viewvc?view=revision&revision=1596086
> [DISK] Unsafe file move operation (possibly swallowing write errors)
> --------------------------------------------------------------------
>
> Key: FILEUPLOAD-248
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-248
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Source
> Reporter: Bernd Eckenfels
> Assignee: Bernd Eckenfels
> Fix For: 1.4
>
>
> Because of a fix for FILEUPLOAD-246 I noticed that there is a
> fileRenameOrCopy function which swallows exceptions on the
> OutputStream#close() method. This is unsafe since a lot of filesystem
> operations can fail in exactly this step.
> There is also a Commons IO Utility which does rename or copy, so the whole
> code block could be removed.
> Problem is here in Line 416:
> http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java?revision=1568691&view=markup
> Besides using FileUtil.move() another option would be to add a out.close()
> before the catch.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
