You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/04/14 09:37:00 UTC

[jira] [Commented] (WW-4958) File upload fails from certain clients

    [ https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817257#comment-16817257 ] 

ASF subversion and git services commented on WW-4958:
-----------------------------------------------------

Commit f45d2752bb089ade2e41320b81283cbc8aa78259 in struts's branch refs/heads/struts-2-5-x from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=f45d275 ]

WW-4958 Uses less restrictive Regex to check if it's a multipart request


> File upload fails from certain clients
> --------------------------------------
>
>                 Key: WW-4958
>                 URL: https://issues.apache.org/jira/browse/WW-4958
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Dispatch Filter
>    Affects Versions: 2.5.17
>            Reporter: Tamás Faragó
>            Priority: Major
>             Fix For: 2.5.21, 2.6
>
>
> 2.5.11 added more validation on whether to accept file uploads. Previously there was only a check if the HTTP header contained "multipart/form-data", now there is the following regex in Dispatcher::isMultipartRequest.
>  
> {quote}public static final String MULTIPART_FORM_DATA_REGEX = "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
>  
> This is too restrictive, apache http client for example adds a white space between the semicolon and "charset" and thus all file uploads are failing unless this regex is overwritten in the config. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)