[
https://issues.apache.org/jira/browse/WW-5520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-5520:
------------------------------
Fix Version/s: 7.1.0
> Fileupload Events
> -----------------
>
> Key: WW-5520
> URL: https://issues.apache.org/jira/browse/WW-5520
> Project: Struts 2
> Issue Type: Improvement
> Reporter: Alireza Fattahi
> Priority: Minor
> Fix For: 7.1.0
>
>
> According to security policies we should log different events and errors
> during file upload. Example of these events are:
> # file is type is not right
> # file is format is not right
> # file is too big
> # user has uploaded successfully
> We find the only solution is to replace our own `{*}AbstractInterceptor{*}`
> and `{*}ActionFileUploadInterceptor{*}` to achieve this. We copied
> `{*}AbstractInterceptor{*}` and `{*}ActionFileUploadInterceptor{*}` sources
> (from struts) and put the log commands inside the classes.
> example
> {code:java}
> // Part of AbstractInterceptor line 145:
> if (maximumSize != null && maximumSize < file.length()) {
> String errMsg = getTextMessage(action,
> STRUTS_MESSAGES_ERROR_FILE_TOO_LARGE_KEY, new String[]{
> inputName, originalFilename, file.getName(), "" +
> file.length(), getMaximumSizeStr(action)
> });
> errorMessages.add(errMsg);
> LOG.warn(errMsg);
> //@Addby project
> logsecurity.putLog("validation failed" + file.getOriginalName() +
> " file is too big");
> } {code}
> Although it works but seems not a good solution at all. Is it better way.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
