michael-o commented on code in PR #646: URL: https://github.com/apache/tomcat/pull/646#discussion_r1299773529
########## java/org/apache/tomcat/util/http/InvalidParameterException.java: ########## @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.http; + +import jakarta.servlet.http.HttpServletResponse; + +/** + * Extend {@link IllegalStateException} to identify the cause as an invalid parameter. + */ +public class InvalidParameterException extends IllegalStateException { Review Comment: Why illegal state? Why not illegal argument exception? Mandated by Servlet 3.0 spec? If so, it should be noted in the Javadoc. ########## java/org/apache/tomcat/util/http/InvalidParameterException.java: ########## @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.http; + +import jakarta.servlet.http.HttpServletResponse; + +/** + * Extend {@link IllegalStateException} to identify the cause as an invalid parameter. + */ +public class InvalidParameterException extends IllegalStateException { + + private static final long serialVersionUID = 1L; + + private final int errorCode; + + + public InvalidParameterException(String message) { + this(message, HttpServletResponse.SC_BAD_REQUEST); + } + + + public InvalidParameterException(String message, int errorCode) { Review Comment: status code is the canonical name, no? ########## webapps/docs/config/http.xml: ########## @@ -148,20 +148,17 @@ files) obtained from the query string and, for POST requests, the request body if the content type is <code>application/x-www-form-urlencoded</code> or - <code>multipart/form-data</code>. Request parameters beyond this limit - will be ignored. A value of less than 0 means no limit. If not specified, - a default of 1000 is used. Note that <code>FailedRequestFilter</code> - <a href="filter.html">filter</a> can be used to reject requests that - exceed the limit.</p> + <code>multipart/form-data</code>. Requests that exceed this limit will be + rejected. A value of less than 0 means no limit. If not specified, a + default of 1000 is used.</p> </attribute> <attribute name="maxPostSize" required="false"> <p>The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by - setting this attribute to a value less than zero. If not specified, this - attribute is set to 2097152 (2 megabytes). Note that the - <a href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a> - can be used to reject requests that exceed this limit.</p> + setting this attribute to a value less than zero. Requests that exceed + this limit will be rejected. If not specified, this attribute is set to + 2097152 (2 megabytes).</p> Review Comment: ditto ########## webapps/docs/changelog.xml: ########## @@ -113,6 +113,12 @@ provided error code during error page processing rather than assuming an error code of 500. (markt) </fix> + <add> + Update the HTTP parameter handling to align with the changes in the + Jakarta Servlet 6.0 API. Invalid parameters and/or exceeding parameter Review Comment: Please also add the section which cases this change. ########## webapps/docs/config/ajp.xml: ########## @@ -152,20 +152,17 @@ files) obtained from the query string and, for POST requests, the request body if the content type is <code>application/x-www-form-urlencoded</code> or - <code>multipart/form-data</code>. Request parameters beyond this limit - will be ignored. A value of less than 0 means no limit. If not specified, - a default of 1000 is used. Note that <code>FailedRequestFilter</code> - <a href="filter.html">filter</a> can be used to reject requests that - exceed the limit.</p> + <code>multipart/form-data</code>. Requests that exceed this limit will be + rejected. A value of less than 0 means no limit. If not specified, a + default of 1000 is used.</p> </attribute> <attribute name="maxPostSize" required="false"> <p>The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by - setting this attribute to a value less than zero. If not specified, this - attribute is set to 2097152 (2 megabytes). Note that the - <a href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a> - can be used to reject requests that exceed this limit.</p> + setting this attribute to a value less than zero. Requests that exceed + this limit will be rejected. If not specified, this attribute is set to + 2097152 (2 megabytes).</p> Review Comment: 2 mebibytes, actually ########## java/org/apache/tomcat/util/http/InvalidParameterException.java: ########## @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.http; + +import jakarta.servlet.http.HttpServletResponse; + +/** + * Extend {@link IllegalStateException} to identify the cause as an invalid parameter. + */ +public class InvalidParameterException extends IllegalStateException { Review Comment: Why illegal state? Why not illegal argument exception? Mandated by Servlet 6.0 spec? If so, it should be noted in the Javadoc. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
