[jira] [Commented] (WW-3025) Parameters get lost when file upload over max size allowed

Wed, 22 Jun 2011 20:02:36 -0700 

    [ 
https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13053625#comment-13053625
 ] 

jagub zhang commented on WW-3025:
---------------------------------

I think there is 2 problems in this question.

1.commons-fileupload can not control error.
        It can only throw FileUploadException. I suggest it supply an error 
handler.
2.interface MultiPartRequest without method getFileSize()
        When FileUploadInterceptor check the file size, must use File#length() 
method.

about the first one,
we can create a new DiskFileItemFactory, create file only the file size under 
maximumSize
If file size is above the maximumSize, only register size of the DiskFileItem.
(just control fileupload error ourself, before commons team fix the problem)

about the second,
If MultiPartRequest supply getFileSize() method, FileUploadInterceptor can 
check file size without the real file object
then we can check file size even it is not be stored.


> Parameters get lost when file upload over max size allowed
> ----------------------------------------------------------
>
>                 Key: WW-3025
>                 URL: https://issues.apache.org/jira/browse/WW-3025
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.1.6
>         Environment: All
>            Reporter: Tom Nguyen
>             Fix For: 2.2.x, 2.3
>
>
> When the uploaded file gets rejected because it's content, size, or because 
> of a general problem an Exception is thrown by the MultiPartRequest class. 
> Exceptions are: InvalidContentTypeException, UnknownSizeException, 
> SizeLimitExceededException, and FileUploadException. This can lead to serious 
> problems within the application because the other parameters from the upload 
> form get lost. Happening in a profile page for example means that the user 
> data is lost this can lead to a security Exception. In other case this 
> usually just involves a OGNL-Exception. Meaning your field data like personal 
> file name is lost. Workaround found in 
> http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/,
>  but the the still keep uploading to server, not secured.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to