You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by hl...@apache.org on 2011/10/19 19:52:07 UTC
svn commit: r1186366 - in /tapestry/tapestry5/trunk/tapestry-upload/src:
main/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImpl.java
test/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImplTest.java
Author: hlship
Date: Wed Oct 19 17:52:07 2011
New Revision: 1186366
URL: http://svn.apache.org/viewvc?rev=1186366&view=rev
Log:
TAP5-1475: In a multipart file upload, request parameters in the URL are not exposed, only parameters in the request body
Modified:
tapestry/tapestry5/trunk/tapestry-upload/src/main/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImpl.java
tapestry/tapestry5/trunk/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImplTest.java
Modified: tapestry/tapestry5/trunk/tapestry-upload/src/main/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImpl.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-upload/src/main/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImpl.java?rev=1186366&r1=1186365&r2=1186366&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-upload/src/main/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImpl.java (original)
+++ tapestry/tapestry5/trunk/tapestry-upload/src/main/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImpl.java Wed Oct 19 17:52:07 2011
@@ -1,4 +1,4 @@
-// Copyright 2007, 2008, 2010 The Apache Software Foundation
+// Copyright 2007, 2008, 2010, 2011 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -14,13 +14,6 @@
package org.apache.tapestry5.upload.internal.services;
-import java.io.UnsupportedEncodingException;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUploadException;
@@ -33,6 +26,12 @@ import org.apache.tapestry5.upload.servi
import org.apache.tapestry5.upload.services.UploadSymbols;
import org.apache.tapestry5.upload.services.UploadedFile;
+import javax.servlet.http.HttpServletRequest;
+import java.io.UnsupportedEncodingException;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
/**
* Implementation of multipart decoder for servlets. This implementation is perthread scope.
*/
@@ -52,16 +51,16 @@ public class MultipartDecoderImpl implem
public MultipartDecoderImpl(
- FileItemFactory fileItemFactory,
+ FileItemFactory fileItemFactory,
- @Symbol(UploadSymbols.REQUESTSIZE_MAX)
- long maxRequestSize,
+ @Symbol(UploadSymbols.REQUESTSIZE_MAX)
+ long maxRequestSize,
- @Symbol(UploadSymbols.FILESIZE_MAX)
- long maxFileSize,
+ @Symbol(UploadSymbols.FILESIZE_MAX)
+ long maxFileSize,
- @Symbol(SymbolConstants.CHARSET)
- String requestEncoding)
+ @Symbol(SymbolConstants.CHARSET)
+ String requestEncoding)
{
this.fileItemFactory = fileItemFactory;
this.maxRequestSize = maxRequestSize;
@@ -79,8 +78,7 @@ public class MultipartDecoderImpl implem
try
{
request.setCharacterEncoding(requestEncoding);
- }
- catch (UnsupportedEncodingException ex)
+ } catch (UnsupportedEncodingException ex)
{
throw new RuntimeException(ex);
}
@@ -104,8 +102,7 @@ public class MultipartDecoderImpl implem
try
{
return createFileUpload().parseRequest(request);
- }
- catch (FileUploadException ex)
+ } catch (FileUploadException ex)
{
uploadException = ex;
@@ -126,10 +123,21 @@ public class MultipartDecoderImpl implem
protected HttpServletRequest processFileItems(HttpServletRequest request, List<FileItem> fileItems)
{
- if (uploadException == null && fileItems.isEmpty()) { return request; }
+ if (uploadException == null && fileItems.isEmpty())
+ {
+ return request;
+ }
ParametersServletRequestWrapper wrapper = new ParametersServletRequestWrapper(request);
+ // First add parameters from the request
+ for (Object e : request.getParameterMap().entrySet())
+ {
+ Map.Entry<String, String[]> ee = (Map.Entry<String, String[]>) e;
+ for (String s : ee.getValue())
+ wrapper.addParameter(ee.getKey(), s);
+ }
+
for (FileItem item : fileItems)
{
if (item.isFormField())
@@ -140,15 +148,13 @@ public class MultipartDecoderImpl implem
{
fieldValue = item.getString(requestEncoding);
- }
- catch (UnsupportedEncodingException ex)
+ } catch (UnsupportedEncodingException ex)
{
throw new RuntimeException(ex);
}
wrapper.addParameter(item.getFieldName(), fieldValue);
- }
- else
+ } else
{
wrapper.addParameter(item.getFieldName(), item.getName());
addUploadedFile(item.getFieldName(), new UploadedFileItem(item));
Modified: tapestry/tapestry5/trunk/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImplTest.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImplTest.java?rev=1186366&r1=1186365&r2=1186366&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImplTest.java (original)
+++ tapestry/tapestry5/trunk/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/MultipartDecoderImplTest.java Wed Oct 19 17:52:07 2011
@@ -1,4 +1,4 @@
-// Copyright 2007, 2008 The Apache Software Foundation
+// Copyright 2007, 2008, 2011 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -86,6 +86,7 @@ public class MultipartDecoderImplTest ex
public void process_file_items_creates_wrapped_request_and_sets_non_file_parameters() throws Exception
{
HttpServletRequest request = mockHttpServletRequest();
+ expect(request.getParameterMap()).andReturn(Collections.EMPTY_MAP);
MultipartDecoderImpl decoder = new MultipartDecoderImpl(fileItemFactory, -1, -1, CHARSET);
List<FileItem> fileItems = Arrays.asList(createValueItem("one", "first"), createValueItem("two", "second"));
@@ -106,6 +107,7 @@ public class MultipartDecoderImplTest ex
public void non_file_items_with_null_request_encoding() throws Exception
{
HttpServletRequest request = mockHttpServletRequest();
+ expect(request.getParameterMap()).andReturn(Collections.EMPTY_MAP);
MultipartDecoderImpl decoder = new MultipartDecoderImpl(fileItemFactory, -1, -1, CHARSET);
@@ -127,9 +129,10 @@ public class MultipartDecoderImplTest ex
public void process_file_items_set_file_parameters_with_file_name() throws Exception
{
HttpServletRequest request = mockHttpServletRequest();
+ expect(request.getParameterMap()).andReturn(Collections.EMPTY_MAP);
MultipartDecoderImpl decoder = new MultipartDecoderImpl(fileItemFactory, -1, -1, CHARSET);
List<FileItem> fileItems = Arrays.asList(createFileItem("one", "first.txt"),
- createFileItem("two", "second.txt"));
+ createFileItem("two", "second.txt"));
replay();
@@ -147,9 +150,10 @@ public class MultipartDecoderImplTest ex
public void uploaded_file_stored() throws Exception
{
HttpServletRequest request = mockHttpServletRequest();
+ expect(request.getParameterMap()).andReturn(Collections.EMPTY_MAP);
MultipartDecoderImpl decoder = new MultipartDecoderImpl(fileItemFactory, -1, -1, CHARSET);
List<FileItem> fileItems = Arrays.asList(createFileItem("one", "first.txt"),
- createFileItem("two", "second.txt"));
+ createFileItem("two", "second.txt"));
replay();
@@ -167,6 +171,7 @@ public class MultipartDecoderImplTest ex
public void file_items_cleaned_up() throws Exception
{
HttpServletRequest request = mockHttpServletRequest();
+ expect(request.getParameterMap()).andReturn(Collections.EMPTY_MAP);
MultipartDecoderImpl decoder = new MultipartDecoderImpl(fileItemFactory, -1, -1, CHARSET);
StubFileItem firstItem = new StubFileItem("one");
firstItem.setFormField(false);