Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4768

Add proper validation if request is a multipart request

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.10
    • Fix Version/s: 2.5.12
    • Component/s: Core
    • Labels:
      None

      Issue Links

        Activity

        Hide
        lukaszlenart Lukasz Lenart added a comment -

        A new constant was defined to allow customise validation struts.multipart.validationRegex, see the docs
        https://cwiki.apache.org/confluence/display/WW/File+Upload#FileUpload-Requestvalidation

        Show
        lukaszlenart Lukasz Lenart added a comment - A new constant was defined to allow customise validation struts.multipart.validationRegex , see the docs https://cwiki.apache.org/confluence/display/WW/File+Upload#FileUpload-Requestvalidation
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 4e9fa8423931417da8bc60ce220f46935b54c5de in struts's branch refs/heads/master from Lukasz Lenart
        [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=4e9fa84 ]

        WW-4768 Adds proper validation if request is a multipart request

        Show
        jira-bot ASF subversion and git services added a comment - Commit 4e9fa8423931417da8bc60ce220f46935b54c5de in struts's branch refs/heads/master from Lukasz Lenart [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=4e9fa84 ] WW-4768 Adds proper validation if request is a multipart request
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Struts-JDK7-master #607 (See https://builds.apache.org/job/Struts-JDK7-master/607/)
        WW-4768 Adds proper validation if request is a multipart request (lukaszlenart: rev 4e9fa8423931417da8bc60ce220f46935b54c5de)

        • (edit) core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
        • (edit) core/src/test/java/org/apache/struts2/interceptor/FileUploadInterceptorTest.java
        • (edit) core/src/test/java/org/apache/struts2/dispatcher/DispatcherTest.java
        • (edit) core/src/main/java/org/apache/struts2/StrutsConstants.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Struts-JDK7-master #607 (See https://builds.apache.org/job/Struts-JDK7-master/607/ ) WW-4768 Adds proper validation if request is a multipart request (lukaszlenart: rev 4e9fa8423931417da8bc60ce220f46935b54c5de) (edit) core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java (edit) core/src/test/java/org/apache/struts2/interceptor/FileUploadInterceptorTest.java (edit) core/src/test/java/org/apache/struts2/dispatcher/DispatcherTest.java (edit) core/src/main/java/org/apache/struts2/StrutsConstants.java
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit d053df4924578dcd060f74878d70d60268e85cd7 in struts's branch refs/heads/master from Lukasz Lenart
        [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=d053df4 ]

        WW-4768 Adds support for dashes in boundary definition

        Show
        jira-bot ASF subversion and git services added a comment - Commit d053df4924578dcd060f74878d70d60268e85cd7 in struts's branch refs/heads/master from Lukasz Lenart [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=d053df4 ] WW-4768 Adds support for dashes in boundary definition
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Struts-JDK7-master #608 (See https://builds.apache.org/job/Struts-JDK7-master/608/)
        WW-4768 Adds support for dashes in boundary definition (lukaszlenart: rev d053df4924578dcd060f74878d70d60268e85cd7)

        • (edit) core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Struts-JDK7-master #608 (See https://builds.apache.org/job/Struts-JDK7-master/608/ ) WW-4768 Adds support for dashes in boundary definition (lukaszlenart: rev d053df4924578dcd060f74878d70d60268e85cd7) (edit) core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
        Hide
        abrin adam brin added a comment -

        FYI – as of 2.5.12 Dashes are still not supported in the regex, and the regex is much stricter than the RFC's spec linked in the WIKI:

        https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html

        bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?"

        Show
        abrin adam brin added a comment - FYI – as of 2.5.12 Dashes are still not supported in the regex, and the regex is much stricter than the RFC's spec linked in the WIKI: https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?"
        Hide
        lukaszlenart Lukasz Lenart added a comment -

        Could you open a ticket to cover this issue? I also assume you haven't had problems with overriding the default with struts.multipart.validationRegex?

        Show
        lukaszlenart Lukasz Lenart added a comment - Could you open a ticket to cover this issue? I also assume you haven't had problems with overriding the default with struts.multipart.validationRegex ?

          People

          • Assignee:
            lukaszlenart Lukasz Lenart
            Reporter:
            lukaszlenart Lukasz Lenart
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development