[jira] [Updated] (WW-4958) File upload fails from certain clients

Thu, 06 Sep 2018 20:26:37 -0700 


     [ 
https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamás Faragó updated WW-4958:
-----------------------------
    Description: 
2.5.11 added more validation on whether to accept file uploads. Previously 
there was only a check if the HTTP header contained "multipart/form-data", now 
there is the following regex in Dispatcher::isMultipartRequest.

 
{quote}public static final String MULTIPART_FORM_DATA_REGEX = 
"^multipart/form-data(; 
boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(;charset=[a-zA-Z\\-0-9]{3,14})?";
{quote}
This is too restrictive, apache http client for example adds a white space 
between the semicolon and "charset" and thus all file uploads are failing 
unless this regex is overwritten in the config. 

  was:
2.5.11 added more validation on whether to accept file uploads. Previously 
there was only a check if the HTTP header contained "multipart/form-data", now 
there is the following regex in isMultiPartRequest().

 
{quote}public static final String MULTIPART_FORM_DATA_REGEX = 
"^multipart/form-data(; 
boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
This is too restrictive, apache http client for example adds a white space 
between the semicolon and "charset" and thus all file uploads are failing 
unless this regex is overwritten in the config. 


> File upload fails from certain clients
> --------------------------------------
>
>                 Key: WW-4958
>                 URL: https://issues.apache.org/jira/browse/WW-4958
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Dispatch Filter
>    Affects Versions: 2.5.17
>            Reporter: Tamás Faragó
>            Priority: Major
>
> 2.5.11 added more validation on whether to accept file uploads. Previously 
> there was only a check if the HTTP header contained "multipart/form-data", 
> now there is the following regex in Dispatcher::isMultipartRequest.
>  
> {quote}public static final String MULTIPART_FORM_DATA_REGEX = 
> "^multipart/form-data(; 
> boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(;charset=[a-zA-Z\\-0-9]{3,14})?";
> {quote}
> This is too restrictive, apache http client for example adds a white space 
> between the semicolon and "charset" and thus all file uploads are failing 
> unless this regex is overwritten in the config. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to