You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@commons.apache.org by "Jochen Wiedmann (JIRA)" <ji...@apache.org> on 2007/01/09 22:59:27 UTC

[jira] Resolved: (FILEUPLOAD-115) Filupload does no validation of accept attribute nor maxFileSize defined for the ExtensionFilter

     [ https://issues.apache.org/jira/browse/FILEUPLOAD-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jochen Wiedmann resolved FILEUPLOAD-115.
----------------------------------------

    Resolution: Cannot Reproduce

No response by user, closing.


> Filupload does no validation of accept attribute nor maxFileSize defined for the ExtensionFilter
> ------------------------------------------------------------------------------------------------
>
>                 Key: FILEUPLOAD-115
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-115
>             Project: Commons FileUpload
>          Issue Type: Bug
>         Environment: jboss-4.0.4
> tomahawk-1.1.3 (also tested with 1.1.5 nigthly from today)
> commons-fileupload-1.1.1
>            Reporter: Christian Nolte
>
> inputFileUpload does no validation check and so no messages are issued to the client when the mime-type does not match (accept-attribute) nor when the file size exceeds maxFileSize defined for the ExtensionFilter. I implemented a test using the information from http://wiki.apache.org/myfaces/Setup_For_File_Uploads. The code looks like that:
> ---
> <h:form enctype="multipart/form-data" id="upload">
> 		<t:inputFileUpload 
> 		  id="file" 
> 		  storage="file" 
>                   accept="image/*"  
> 		  value="#{FileUploader.uploadedFile}"/>
>     	        <h:message for="file" showDetail="true" />
> 		<h:commandButton id="uploadButton" action="#{FileUploader.upload}"/>
> 	</h:form>
> ---
> No error messages are displayed and so a client is able to upload any files he wants. I also tested this behaviour with the latest tomahawk-examples-1.1.5-NIGHTLY (fileupload-example) and got the same behaviour there.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org