You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Ian Boston (JIRA)" <ji...@apache.org> on 2016/08/30 13:38:20 UTC

[jira] [Commented] (SLING-6017) Streaming Uplads detection of request parameters is wrong.

    [ https://issues.apache.org/jira/browse/SLING-6017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449035#comment-15449035 ] 

Ian Boston commented on SLING-6017:
-----------------------------------

Reported in SLING-5948 
{code}
curl -o /dev/null -v -F key1=value1 -F file=@file.txt -w %{time_connect}:%{time_starttransfer}:%{time_total} http://admin:admin@localhost:8080/temp/file4?uploadmode=stream
{code}

Causes key1=value1 to be processed as a file upload since isFormField(part) [1] returns false due to part.getSubmittedFile() being non null [2].

The JavaDoc [3] indicates that getName() should be used to get the file name of submitted by the client, and not getFieldName(), although in some examples getFieldName appears to have been used incorrectly. This may be because Part.getName() is the Servlet API 3.1 equivalent of FileItem.getFiledName() and Part.getSubmittedFileName() is the Servlet API 3.1 equivalent of FileItem.getName(). see [4]


1 https://github.com/apache/sling/blob/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/StreamedUploadOperation.java#L95

2 https://github.com/apache/sling/blob/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/parameters/RequestPartsIterator.java#L148

3 
https://commons.apache.org/proper/commons-fileupload/apidocs/org/apache/commons/fileupload/FileItemStream.html


4 https://docs.oracle.com/javaee/7/api/javax/servlet/http/Part.html

> Streaming Uplads detection of request parameters is wrong.
> ----------------------------------------------------------
>
>                 Key: SLING-6017
>                 URL: https://issues.apache.org/jira/browse/SLING-6017
>             Project: Sling
>          Issue Type: Bug
>          Components: Engine, Servlets
>    Affects Versions: Servlets Post 2.3.12, Engine 2.6.2
>            Reporter: Ian Boston
>            Assignee: Ian Boston
>
> The way in which a request field that is not a file upload is detected is wrong. Reported in SLING-5948.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)