You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lukasz Racon (JIRA)" <ji...@apache.org> on 2007/05/06 07:37:42 UTC
[jira] Created: (WW-1911) Content-Type validation when no file is
uploaded
Content-Type validation when no file is uploaded
------------------------------------------------
Key: WW-1911
URL: https://issues.apache.org/struts/browse/WW-1911
Project: Struts 2
Issue Type: Bug
Components: Dispatch, Interceptors
Affects Versions: 2.0.7, 2.0.6, 2.1.0, 2.1.x
Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
Reporter: Lukasz Racon
If you set allowed types on the file upload interceptor:
<param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
it will validate content type even though there is no file uploaded.
This shows up in two cases:
1) If field is required you will get 2 messages:
Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
Image is required.
2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
Basically it violates the idea of single purpose validator (since it also acts as required field validator).
There are at least 3 ways to fix it:
1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (WW-1911) Content-Type validation when no file is
uploaded
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes reassigned WW-1911:
--------------------------------
Assignee: James Holmes
> Content-Type validation when no file is uploaded
> ------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Assignee: James Holmes
> Fix For: 2.0.10
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-1911) Content-Type validation when no file is
uploaded
Posted by "Lukasz Racon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_41200 ]
Lukasz Racon commented on WW-1911:
----------------------------------
Same issue:
https://issues.apache.org/struts/browse/WW-1976
> Content-Type validation when no file is uploaded
> ------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Fix For: 2.0.9
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-1911) File Upload: content-Type validation
fails when no file is uploaded
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes updated WW-1911:
-----------------------------
Summary: File Upload: content-Type validation fails when no file is uploaded (was: Content-Type validation when no file is uploaded)
> File Upload: content-Type validation fails when no file is uploaded
> -------------------------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Assignee: James Holmes
> Fix For: 2.0.10
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-1911) File Upload: content-type validation
fails when no file is uploaded
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_41646 ]
James Holmes commented on WW-1911:
----------------------------------
Fixed on the 2_0_X branch in SVN revision 559304.
> File Upload: content-type validation fails when no file is uploaded
> -------------------------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Assignee: James Holmes
> Fix For: 2.0.10
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-1911) File Upload: content-type validation
fails when no file is uploaded
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes updated WW-1911:
-----------------------------
Affects Version/s: 2.0.8
2.0.9
Summary: File Upload: content-type validation fails when no file is uploaded (was: File Upload: content-Type validation fails when no file is uploaded)
> File Upload: content-type validation fails when no file is uploaded
> -------------------------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Assignee: James Holmes
> Fix For: 2.0.10
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-1911) Content-Type validation when no file is
uploaded
Posted by "Don Brown (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Don Brown updated WW-1911:
--------------------------
Fix Version/s: 2.0.9
> Content-Type validation when no file is uploaded
> ------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Fix For: 2.0.9
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-1911) Content-Type validation when no file is
uploaded
Posted by "Lukasz Racon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Racon updated WW-1911:
-----------------------------
Attachment: patch.txt
here goes the patch.
> Content-Type validation when no file is uploaded
> ------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-1911) Content-Type validation when no file is
uploaded
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes updated WW-1911:
-----------------------------
Fix Version/s: (was: 2.0.9)
2.0.10
Moving to 2.0.10 so that 2.0.9 can be released.
> Content-Type validation when no file is uploaded
> ------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Fix For: 2.0.10
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WW-1911) File Upload: content-type validation
fails when no file is uploaded
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-1911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes resolved WW-1911.
------------------------------
Resolution: Fixed
Fixed on the trunk (Struts 2.1) in SVN revision 559307.
Thanks for the patch! I modified it slightly to remove the dependency on Jakarta Commons Lang.
> File Upload: content-type validation fails when no file is uploaded
> -------------------------------------------------------------------
>
> Key: WW-1911
> URL: https://issues.apache.org/struts/browse/WW-1911
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch, Interceptors
> Affects Versions: 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.0, 2.1.x
> Environment: FireFox 2.0; Tomcat 5.0; commons-fileupload 1.2
> Reporter: Lukasz Racon
> Assignee: James Holmes
> Fix For: 2.0.10
>
> Attachments: patch.txt
>
>
> If you set allowed types on the file upload interceptor:
> <param name="fileUpload.allowedTypes">image/png,image/gif,image/jpeg</param>
> it will validate content type even though there is no file uploaded.
> This shows up in two cases:
> 1) If field is required you will get 2 messages:
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Image is required.
> 2) If field is not required you will get invalid content type validation error anyway (which prohibits from executing the action):
> Content-Type not allowed: image "upload_1120a017_1125f7d74fc__8000_00000013.tmp" application/octet-stream
> Basically it violates the idea of single purpose validator (since it also acts as required field validator).
> There are at least 3 ways to fix it:
> 1) fix org.apache.struts2.interceptor.FileUploadInterceptor.acceptFile method so it does not check content type (allowedTypesSet) if file is empty.
> 2) fix the ServletFileUpload.parseRequest so it does not show empty downloads (i.e. when file name is null).
> 3) (one that is in patch) fix org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest.parse so it ignores files that have blank file name.
> Attached patch fixes JakartaMultiPartRequest if file name is blank it means no file has been uploaded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.