Re: Dealing with ESAPI in CMS

Mon, 23 Feb 2009 20:46:53 -0800
Great, cool. Hopefully the new size (100000) should fix that for you. Thanks for reporting it, and of course if you run into anything else please do write it up again. I'm trying to keep an eye on this stuff in particular and be around to fix things since this sort of low-level change tends to impact a lot and causes random problems all over... :( 

-David


On Feb 23, 2009, at 9:29 PM, Al Byers wrote:


I was being too general. I was not uploading images. I just used

createTextContent and it failed because the limit was set too low. I  
saw how
to fix that with maxInputSize and was just asking the question if  
there were

more granular ways to deal with the problem.

-Al

On Mon, Feb 23, 2009 at 5:30 PM, David E Jones
<[email protected]>wrote:




Could you be more specific? In other words, which part of the  
application

were you using and what was the error message that you got?

You mentioned a problem uploading images... which baffles me the most

because the ESAPI changes are _only_ for String attributes on  
services. What

was the error that you got for that?

More details would be really helpful about the specific issue you're

running into. Beyond that as a generality (possibly not related to  
what
you're running into?), I agree that we should leave the default  
pretty high,

and I've just committed a change that does that.

-David



On Feb 23, 2009, at 4:52 PM, Al Byers wrote:


I guess one of the first places that we will run into ESAPI affects  
is in

content management when we try to store images and the like that are
larger

than the default "maxInputSize" = 5000 specified in the antisamy- 
esapi.xml

file.

What would be the best approach to dealing with this?


1. Just modify the maxInputSize value? I may want to limit files  
that are

uploaded, but not content that is persisted some other way.


2. In that case do I override the createDataText service (which  
would mean

overriding the "createTextContent" service)?


Are there any other options I am missing like specifically  
changing the
value of allowHTML (if that were set to "any" there would be no  
content

limits, right?) for a specific service call?

Thanks,
-Al




























					Reply via email to