[
https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14000079#comment-14000079
]
Chris Cranford commented on WW-3025:
------------------------------------
I believe most application/web servers have some configuration at the server
level which dictates the maximum request and/or file upload request sizes.
When these values are checked and exceeded, the server typically reports some
4xx/5xx error response to the client; therefore no handler code ever fires.
In the cases where the handler code does fire, the server has already said and
determined (since it didn't error) that space requirements were sufficient -
then the upload parser should simply take the request and parse it. In the
case where individual file sizes exceed some application setting, simply don't
stream that part of the request - ignore it and move to the next chunk. That's
precisely what my class I attached does.
The end result is the action's state is maintained with all form parameters,
excluding any file data which was considered outside the boundaries of the
application's configuration. Now the action can query whatever it may need
from a backing bean/service, copy whatever files were OK to their new location
and report those files which failed with their conditions.
The key here is that the application server itself determines the outcome.
Either it's accepted or not; no gray area. When it reaches the application
itself, now you can be free on how you want to handle it but at least you're
guaranteed that the request's state complete rather than partial or
non-existent.
> Parameters get lost when file upload over max size allowed
> ----------------------------------------------------------
>
> Key: WW-3025
> URL: https://issues.apache.org/jira/browse/WW-3025
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Affects Versions: 2.1.6
> Environment: All
> Reporter: Tom Nguyen
> Fix For: 2.3.18
>
> Attachments: JakartaStreamMultiPartRequest.java
>
>
> When the uploaded file gets rejected because it's content, size, or because
> of a general problem an Exception is thrown by the MultiPartRequest class.
> Exceptions are: InvalidContentTypeException, UnknownSizeException,
> SizeLimitExceededException, and FileUploadException. This can lead to serious
> problems within the application because the other parameters from the upload
> form get lost. Happening in a profile page for example means that the user
> data is lost this can lead to a security Exception. In other case this
> usually just involves a OGNL-Exception. Meaning your field data like personal
> file name is lost. Workaround found in
> http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/,
> but the the still keep uploading to server, not secured.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
