You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Fabio Fucci (JIRA)" <ji...@apache.org> on 2011/07/26 11:05:10 UTC

[jira] [Commented] (WW-3025) Parameters get lost when file upload over max size allowed

    [ https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13071011#comment-13071011 ] 

Fabio Fucci commented on WW-3025:
---------------------------------

Setting the maximum size property in the FileUploadInterceptor as Maurizio suggested

{noformat}
<interceptor-ref name="fileUpload">
<param name="maximumSize">100</param>
</interceptor-ref>
{noformat}

will solve only the simple case of the checking the size of a single uploaded file (even if you have multiple uploaded files the interceptor checks for the size of every single file).
The only way to limit the total size of uploaded files (the sum of all the files) is to act on struts.multipart.maxSize property (that is affected from the reported problem).

Am I right?

> Parameters get lost when file upload over max size allowed
> ----------------------------------------------------------
>
>                 Key: WW-3025
>                 URL: https://issues.apache.org/jira/browse/WW-3025
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.1.6
>         Environment: All
>            Reporter: Tom Nguyen
>             Fix For: 2.2.x, 2.3
>
>
> When the uploaded file gets rejected because it's content, size, or because of a general problem an Exception is thrown by the MultiPartRequest class. Exceptions are: InvalidContentTypeException, UnknownSizeException, SizeLimitExceededException, and FileUploadException. This can lead to serious problems within the application because the other parameters from the upload form get lost. Happening in a profile page for example means that the user data is lost this can lead to a security Exception. In other case this usually just involves a OGNL-Exception. Meaning your field data like personal file name is lost. Workaround found in http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/, but the the still keep uploading to server, not secured.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira