Author: niallp
Date: Tue Feb 14 20:02:40 2006
New Revision: 377929
URL: http://svn.apache.org/viewcvs?rev=377929&view=rev
Log:
Fix 1.2.x branch for Bug 38534 - DOS attack, application hack - thanks to
Bogdan Serban for reporting this.
Modified:
struts/action/branches/STRUTS_1_2_BRANCH/doc/userGuide/release-notes.xml
struts/action/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/util/RequestUtils.java
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/upload/upload.jsp
Modified:
struts/action/branches/STRUTS_1_2_BRANCH/doc/userGuide/release-notes.xml
URL:
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/doc/userGuide/release-notes.xml?rev=377929&r1=377928&r2=377929&view=diff
==============================================================================
--- struts/action/branches/STRUTS_1_2_BRANCH/doc/userGuide/release-notes.xml
(original)
+++ struts/action/branches/STRUTS_1_2_BRANCH/doc/userGuide/release-notes.xml
Tue Feb 14 20:02:40 2006
@@ -40,6 +40,13 @@
<th>Modification</th><th>Revision</th><th>Bugzilla</th><th>Description</th>
</tr></thead>
<tr>
+ <td align="center">2006-02-15</td>
+ <td align="center"><a
href="http://svn.apache.org/viewcvs.cgi?rev=XXXXX&view=rev";>XXXXX</a>
+ (<a
href="http://svn.apache.org/viewcvs?rev=XXXXX&view=rev";>XXXXX</a>)</td>
+ <td align="center"><a
href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38534";>38534</a></td>
+ <td>DOS attack, application hack.</td>
+ </tr>
+ <tr>
<td align="center">2006-02-14</td>
<td align="center"><a
href="http://svn.apache.org/viewcvs.cgi?rev=377562&view=rev";>377562</a>
(<a
href="http://svn.apache.org/viewcvs?rev=377805&view=rev";>377805</a>)</td>
Modified:
struts/action/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/util/RequestUtils.java
URL:
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/util/RequestUtils.java?rev=377929&r1=377928&r2=377929&view=diff
==============================================================================
---
struts/action/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/util/RequestUtils.java
(original)
+++
struts/action/branches/STRUTS_1_2_BRANCH/src/share/org/apache/struts/util/RequestUtils.java
Tue Feb 14 20:02:40 2006
@@ -1,7 +1,7 @@
/*
* $Id$
*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -406,6 +406,11 @@
String method = request.getMethod();
boolean isMultipart = false;
+ if (bean instanceof ActionForm) {
+ ((ActionForm) bean).setMultipartRequestHandler(null);
+ }
+
+ MultipartRequestHandler multipartHandler = null;
if ((contentType != null)
&& (contentType.startsWith("multipart/form-data"))
&& (method.equalsIgnoreCase("POST"))) {
@@ -425,13 +430,7 @@
}
// Obtain a MultipartRequestHandler
- MultipartRequestHandler multipartHandler =
getMultipartHandler(request);
-
- // Set the multipart request handler for our ActionForm.
- // If the bean isn't an ActionForm, an exception would have been
- // thrown earlier, so it's safe to assume that our bean is
- // in fact an ActionForm.
- ((ActionForm) bean).setMultipartRequestHandler(multipartHandler);
+ multipartHandler = getMultipartHandler(request);
if (multipartHandler != null) {
isMultipart = true;
@@ -493,6 +492,14 @@
BeanUtils.populate(bean, properties);
} catch(Exception e) {
throw new ServletException("BeanUtils.populate", e);
+ } finally {
+ if (multipartHandler != null) {
+ // Set the multipart request handler for our ActionForm.
+ // If the bean isn't an ActionForm, an exception would have
been
+ // thrown earlier, so it's safe to assume that our bean is
+ // in fact an ActionForm.
+ ((ActionForm)
bean).setMultipartRequestHandler(multipartHandler);
+ }
}
}
Modified:
struts/action/branches/STRUTS_1_2_BRANCH/web/examples/upload/upload.jsp
URL:
http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/web/examples/upload/upload.jsp?rev=377929&r1=377928&r2=377929&view=diff
==============================================================================
--- struts/action/branches/STRUTS_1_2_BRANCH/web/examples/upload/upload.jsp
(original)
+++ struts/action/branches/STRUTS_1_2_BRANCH/web/examples/upload/upload.jsp Tue
Feb 14 20:02:40 2006
@@ -32,5 +32,22 @@
<html:submit />
</p>
</html:form>
+ <hr/>
+ <html:form action="upload-submit.do?queryParam=Successful"
enctype="multipart/form-data">
+ <p>This form is to test <a
href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38534";>Bug 38534</a>.
+ If this bug is fixed then perversly a <code>NestedNullException</code>
will be thrown by BeanUtils's
+ populate method, but the application should continue to function after
that. If its not fixed then
+ the result page will be shown BUT after that the application will no
longer function.
+ </p>
+ <p>
+ <input type="file" name="theFile" />
+ <input type="hidden"
name="multipartRequestHandler.servlet.servletContext.attribute(org.apache.struts.action.MODULE)"
size="60" value="Field named to trash the default module!"/></br>
+ <input type="hidden"
name="multipartRequestHandler.servlet.servletContext.attribute(org.apache.struts.globals.MODULE_PREFIXES)"
size="60" value="Trash the prefixes to other modules!"/></br>
+ <input type="hidden" name="theText" value="ABCDEF"/>
+ </p>
+ <p>
+ <html:submit>Submit For Bug 38534</html:submit>
+ </p>
+ </html:form>
</body>
</html>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
