I apologize if this is already known, but while testing out the java
implementation of the Sword2 server I found that the extraction of
multipart/related deposit requests containing an atom entry and a content
file could not read the individual file headers, resulting in a null
pointer exception. The effected code is
org.swordapp.server.SwordAPIEndpoint.getPartsFromRequest(HttpServletRequest)
It turns out this is a bug in commons-fileupload 1.2.1 and 1.2.2 which they
have patched in their 1.2.3 snapshot. In previous versions the library is
simply not holding onto individual file headers even when told to do so.
Rebuilding with the updated dependency fixes this issue. See:
https://github.com/apache/commons-fileupload/commit/2e664e3003042a1ac5886b3ab121a1bc05a68a38
https://repository.apache.org/content/repositories/snapshots/commons-fileupload/commons-fileupload/1.2.3-SNAPSHOT/
One last minor thing, I also wanted to mention that getFilename and getName
in the same class are slightly off in their trimming of trailing quotes.
Thanks
- Ben Pennell
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sword-app-tech mailing list
sword-app-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sword-app-tech
