[
https://issues.apache.org/jira/browse/FILEUPLOAD-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18067512#comment-18067512
]
Gary D. Gregory commented on FILEUPLOAD-360:
--------------------------------------------
Hello [[email protected]]
Thank you for your report.
Feel free to provide a PR on GitHub.
> FileUploadBase.getItemIterator(...) does not respect fileCountMax
> -----------------------------------------------------------------
>
> Key: FILEUPLOAD-360
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-360
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.5, 1.6.0
> Reporter: Stephan Markwalder
> Priority: Minor
>
> When setting a limit for the number of uploaded files with
> {{{}setFileCountMax(long){}}}, the given value has an effect only if a
> request is processed with {{{}parseRequest(RequestContext){}}}. If the
> request is processed with
> {{{}getItemIterator({}}}{{{}RequestContext){}}}, the iterator implementation
> does not check for the given limit.
>
> When this limit was implemented in PR #185
> ([https://github.com/apache/commons-fileupload/pull/185]) changes were made
> only in {{parseRequest(RequestContext)}} but not in the code used to iterate
> over items.
>
> I have been able to reproduce this issue in Commons FileUpload 1.5 and 1.6.0.
> I have not tested 2.0.0-M4, but I assume the same issue is present there as
> well.
>
> Since this is a security-related feature, I think it would be worth fixing.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
