You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by jo...@apache.org on 2022/12/14 09:32:51 UTC

[commons-fileupload] branch master updated: Add a new limit for the number of files uploaded per request (#185)

This is an automated email from the ASF dual-hosted git repository.

jochen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git


The following commit(s) were added to refs/heads/master by this push:
     new 6601954  Add a new limit for the number of files uploaded per request (#185)
6601954 is described below

commit 6601954fd1f36f0c3b1fe97f213e232a2ea63588
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Dec 14 09:32:46 2022 +0000

    Add a new limit for the number of files uploaded per request (#185)
---
 src/changes/changes.xml                            |  1 +
 .../apache/commons/fileupload2/FileUploadBase.java | 29 ++++++++++++
 .../pub/FileCountLimitExceededException.java       | 53 ++++++++++++++++++++++
 3 files changed, 83 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index a70bffc..f4a8b76 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -55,6 +55,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action                        dev="ggregory" type="add" due-to="Gary Gregory">Add github/codeql-action from #144.</action>
       <action                        dev="jochen" type="add">Add the package org.apache.fileupload2.jaksrvlt, for compliance with Jakarta Servlet API 5.0.</action>
       <action                        dev="jochen" type="add">Making FileUploadException a subclass of IOException. (Mibor API simplification.)</action>
+      <action                        dev="markt" type="add">Add a configurable limit (disabled by default) for the number of files to upload per request.</action>
       <!-- UPDATE -->
       <action                        dev="ggregory" type="update" due-to="Dependabot, Gary Gregory">Bump actions/cache from 2.1.6 to 3.0.8 #128, #140.</action>
       <action                        dev="ggregory" type="update" due-to="Dependabot, Gary Gregory">Bump actions/checkout from 2.3.4 to 3.0.2 #125.</action>
diff --git a/src/main/java/org/apache/commons/fileupload2/FileUploadBase.java b/src/main/java/org/apache/commons/fileupload2/FileUploadBase.java
index b10eabc..0c49ca1 100644
--- a/src/main/java/org/apache/commons/fileupload2/FileUploadBase.java
+++ b/src/main/java/org/apache/commons/fileupload2/FileUploadBase.java
@@ -29,6 +29,7 @@ import java.util.Map;
 import java.util.Objects;
 
 import org.apache.commons.fileupload2.impl.FileItemIteratorImpl;
+import org.apache.commons.fileupload2.pub.FileCountLimitExceededException;
 import org.apache.commons.fileupload2.pub.FileUploadIOException;
 import org.apache.commons.fileupload2.pub.IOFileUploadException;
 import org.apache.commons.fileupload2.util.FileItemHeadersImpl;
@@ -140,6 +141,12 @@ public abstract class FileUploadBase {
      */
     private long fileSizeMax = -1;
 
+    /**
+     * The maximum permitted number of files that may be uploaded in a single
+     * request. A value of -1 indicates no maximum.
+     */
+    private long fileCountMax = -1;
+
     /**
      * The content encoding to use when reading part headers.
      */
@@ -216,6 +223,24 @@ public abstract class FileUploadBase {
         this.fileSizeMax = fileSizeMax;
     }
 
+    /**
+     * Returns the maximum number of files allowed in a single request.
+     *
+     * @return The maximum number of files allowed in a single request.
+     */
+    public long getFileCountMax() {
+        return fileCountMax;
+    }
+
+    /**
+     * Sets the maximum number of files allowed per request.
+     *
+     * @param fileCountMax The new limit. {@code -1} means no limit.
+     */
+    public void setFileCountMax(final long fileCountMax) {
+        this.fileCountMax = fileCountMax;
+    }
+
     /**
      * Retrieves the character encoding used when reading the headers of an
      * individual part. When not specified, or {@code null}, the request
@@ -290,6 +315,10 @@ public abstract class FileUploadBase {
                     "No FileItemFactory has been set.");
             final byte[] buffer = new byte[Streams.DEFAULT_BUFFER_SIZE];
             while (iter.hasNext()) {
+                if (items.size() == fileCountMax) {
+                    // The next item will exceed the limit.
+                    throw new FileCountLimitExceededException(ATTACHMENT, getFileCountMax());
+                }
                 final FileItemStream item = iter.next();
                 // Don't use getName() here to prevent an InvalidFileNameException.
                 final String fileName = item.getName();
diff --git a/src/main/java/org/apache/commons/fileupload2/pub/FileCountLimitExceededException.java b/src/main/java/org/apache/commons/fileupload2/pub/FileCountLimitExceededException.java
new file mode 100644
index 0000000..ac22341
--- /dev/null
+++ b/src/main/java/org/apache/commons/fileupload2/pub/FileCountLimitExceededException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.commons.fileupload2.pub;
+
+import org.apache.commons.fileupload2.FileUploadException;
+
+/**
+ * This exception is thrown if a request contains more files than the specified
+ * limit.
+ */
+public class FileCountLimitExceededException extends FileUploadException {
+
+    private static final long serialVersionUID = 2408766352570556046L;
+
+    /**
+     * The limit that was exceeded.
+     */
+    private final long limit;
+
+    /**
+     * Creates a new instance.
+     *
+     * @param message The detail message
+     * @param limit The limit that was exceeded
+     */
+    public FileCountLimitExceededException(final String message, final long limit) {
+        super(message);
+        this.limit = limit;
+    }
+
+    /**
+     * Retrieves the limit that was exceeded.
+     *
+     * @return The limit that was exceeded by the request
+     */
+    public long getLimit() {
+        return limit;
+    }
+}