[jira] [Commented] (WW-4818) Default Multipart validation regex is invalid

Tue, 25 Jul 2017 04:38:48 -0700 

    [ 
https://issues.apache.org/jira/browse/WW-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16099899#comment-16099899
 ] 

ASF GitHub Bot commented on WW-4818:
------------------------------------

GitHub user sdutry opened a pull request:

    https://github.com/apache/struts/pull/151

    WW-4818 change default Multipart validation regex to comply with RFC1341

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sdutry/struts WW-4818

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/struts/pull/151.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #151
    
----
commit 68d52dbe42aebc8e24379ebfaf4f306dd261b91c
Author: Stefaan Dutry <[email protected]>
Date:   2017-07-25T11:05:07Z

    WW-4818 change default Multipart validation regex to comply with RFC1341

----


> Default Multipart validation regex is invalid
> ---------------------------------------------
>
>                 Key: WW-4818
>                 URL: https://issues.apache.org/jira/browse/WW-4818
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.5.12
>            Reporter: adam brin
>             Fix For: 2.5.13
>
>
> 2.5.12 introduced a regex matches for multipart requests.  The default regex 
> used, however is significantly too strict based on the RFC, as well as common 
> practice.  Specifically, at minimum, it needs to include the *hyphen* and 
> more likely needs to support all of the fields defined by the RFC 
> (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).
> {quote}bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / 
> "-" / "." / "/" / ":" / "=" / "?"{quote}
> In basic testing, we've seen:
> {code} Content-Type: multipart/form-data; 
> boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]{code} (generated by the 
> Apache HttpClient)
> and
> {code}multipart/form-data; 
> boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh{code} (generated by Safari)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to