Wicket
  1. Wicket
  2. WICKET-3525

Fileupload: full request body is read even when it is known that it is larger than the max allowed size

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.5-RC2
    • Fix Version/s: None
    • Component/s: wicket
    • Labels:
      None

      Description

      Steps to reproduce (works with all major browers, I suggest using Chrome for this because it shows the upload progress status with a percentage in the lower left/right corner):
      1. Go to http://www.wicket-library.com/wicket-examples/upload/single
      2. Choose a file significantly larger than 100KB (app's max allowed size) for the first form. Post the first form.
      3. The post will take long because the file is uploaded and processed by the server.

      The browsers send the content-length header and wicket compares this with the max allowed upload size in o.a.w.util.upload.FileUploadBase.FileItemIteratorImpl.FileItemIteratorImpl(FileUploadBase, RequestContext). It detects that it is larger than allowed and throws an exception which brakes the input parsing started by the Form component. However the input is still processed by something else.

      1. WICKET-3525-AJAX-handler.patch
        11 kB
        Pedro Santos
      2. WICKET-3525.patch
        10 kB
        Pedro Santos

        Issue Links

          Activity

          Hide
          Adam Pierzchała added a comment -

          In wicket 1.4.18 I have quite similar problem, whole file is being uploaded despite the fact that there is not enough space on disk. I used setMaxSize to set 10GB, but I have only 4GB. If I try to upload bigger file than 4GB, nothing happens after file is sent (Chrome reaches 100% upload, and then nothing happens, code doesn't reach my onSubmit, and debugging doesn't seem to help to understand what happens).

          Can anybody tell me if this might be related or should I open new ticket for this?

          Show
          Adam Pierzchała added a comment - In wicket 1.4.18 I have quite similar problem, whole file is being uploaded despite the fact that there is not enough space on disk. I used setMaxSize to set 10GB, but I have only 4GB. If I try to upload bigger file than 4GB, nothing happens after file is sent (Chrome reaches 100% upload, and then nothing happens, code doesn't reach my onSubmit, and debugging doesn't seem to help to understand what happens). Can anybody tell me if this might be related or should I open new ticket for this?
          Hide
          Phil Franken added a comment -

          I have a work-around that at least gracefully closes the UploadProgressBar. Although Tomcat still processes the entire file. I override FileUploadField and return null if the file size is too big. On my file upload form I then check for null and call error() (this means no file was selected or the file was too big so the error message must be according).

          Please note the forms max size must be greather than the max size set in the CustomFileUploadField.

          public class CustomFileUploadField extends FileUploadField {

          public CustomFileUploadField(String id)

          { super(id); }

          public CustomFileUploadField(String id, IModel<FileUpload> model)

          { super(id, model); }

          @Override
          public FileUpload getFileUpload() {

          // Get request
          final Request request = getRequest();
          final FileItem item = ((IMultipartWebRequest)request).getFile(getInputName());

          // If we successfully installed a multipart request
          if (item != null && request instanceof IMultipartWebRequest) {

          if (item.getSize() > Constants.MAXSIZE)

          { return null; }

          if (item.getSize() > 0)

          { return new FileUpload(item); }

          }
          return null;

          }

          }

          Show
          Phil Franken added a comment - I have a work-around that at least gracefully closes the UploadProgressBar. Although Tomcat still processes the entire file. I override FileUploadField and return null if the file size is too big. On my file upload form I then check for null and call error() (this means no file was selected or the file was too big so the error message must be according). Please note the forms max size must be greather than the max size set in the CustomFileUploadField. public class CustomFileUploadField extends FileUploadField { public CustomFileUploadField(String id) { super(id); } public CustomFileUploadField(String id, IModel<FileUpload> model) { super(id, model); } @Override public FileUpload getFileUpload() { // Get request final Request request = getRequest(); final FileItem item = ((IMultipartWebRequest)request).getFile(getInputName()); // If we successfully installed a multipart request if (item != null && request instanceof IMultipartWebRequest) { if (item.getSize() > Constants.MAXSIZE) { return null; } if (item.getSize() > 0) { return new FileUpload(item); } } return null; } }
          Hide
          Rainer Jung added a comment -
          Show
          Rainer Jung added a comment - Concerning the situation in Tomcat, please see the following discussions (and fix for Tomcat 7): http://markmail.org/message/c4qo4g2wc4sm7g53 http://markmail.org/message/mdjvhzacyuwxd3zj http://markmail.org/message/x4nm4543ml4vlncp#query:+page:1+mid:x4nm4543ml4vlncp+state:results Regards, Rainer
          Hide
          Pedro Santos added a comment -

          New patch removing the iframe created to submit the form uploading the file and using the UploadStatusResource to return the same response that AjaxRequestTarget would, and use wikcet-ajax.js API to handle it.
          Tested in IE 7,8,9, Safari, Chrome, Firefox
          In Opera it is not working fine because the browser is loading the file regardless the output stream writing it to server, in the end the cached response is not read/removed from cache because the regular response is hit the browser before the cached one.
          @devs I will try to figure out how to solve this problem, but I'm afraid of get the wrong path here.

          Show
          Pedro Santos added a comment - New patch removing the iframe created to submit the form uploading the file and using the UploadStatusResource to return the same response that AjaxRequestTarget would, and use wikcet-ajax.js API to handle it. Tested in IE 7,8,9, Safari, Chrome, Firefox In Opera it is not working fine because the browser is loading the file regardless the output stream writing it to server, in the end the cached response is not read/removed from cache because the regular response is hit the browser before the cached one. @devs I will try to figure out how to solve this problem, but I'm afraid of get the wrong path here.
          Hide
          Pedro Santos added a comment -

          The last patch I sent works fine in IE 7, 8, 9, Chrome, Safari and Firefox. But it still can be improved in two different ways:

          • currently it only works if the form was submitted by an AJAX submit component
          • perhaps we can change UploadStatusResource to return the same response that AjaxRequestTarget would, and use wikcet-ajax.js API to handle it. It would be even better strategy because feedback panels would be updated instead of the progress bar status div.
          Show
          Pedro Santos added a comment - The last patch I sent works fine in IE 7, 8, 9, Chrome, Safari and Firefox. But it still can be improved in two different ways: currently it only works if the form was submitted by an AJAX submit component perhaps we can change UploadStatusResource to return the same response that AjaxRequestTarget would, and use wikcet-ajax.js API to handle it. It would be even better strategy because feedback panels would be updated instead of the progress bar status div.
          Hide
          Pedro Santos added a comment -

          Patch removing the iframe of the form uploading the file and reporting the limit exceed message.

          Show
          Pedro Santos added a comment - Patch removing the iframe of the form uploading the file and reporting the limit exceed message.
          Hide
          Phil Franken added a comment - - edited

          this also occurs wicket 1.4.17

          Show
          Phil Franken added a comment - - edited this also occurs wicket 1.4.17
          Hide
          Attila Király added a comment -

          Further debugging showed that this is done by the servlet container (both jetty and tomcat) so it might be not posible to do anything about it in wicket.

          Show
          Attila Király added a comment - Further debugging showed that this is done by the servlet container (both jetty and tomcat) so it might be not posible to do anything about it in wicket.

            People

            • Assignee:
              Unassigned
              Reporter:
              Attila Király
            • Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:

                Development