adam brin created WW-4818:
-----------------------------
Summary: Default Multipart validation regex is invalid
Key: WW-4818
URL: https://issues.apache.org/jira/browse/WW-4818
Project: Struts 2
Issue Type: Bug
Affects Versions: 2.5.12
Reporter: adam brin
2.5.12 introduced a regex matches for multipart requests. The default regex
used, however is significantly too strict based on the RFC, as well as common
practice. Specifically, at minimum, it needs to include the *hyphen* and more
likely needs to support all of the fields defined by the RFC
(https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).
{quote}bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-"
/ "." / "/" / ":" / "=" / "?"{quote}
In basic testing, we've seen:
{code} Content-Type: multipart/form-data;
boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]{code} (generated by the
Apache HttpClient)
and
{code}multipart/form-data;
boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh{code} (generated by Safari)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
