[
https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817271#comment-16817271
]
ASF GitHub Bot commented on WW-4958:
------------------------------------
yasserzamani commented on pull request #350: fix multipart request RegEx
(relates to WW-4958)
URL: https://github.com/apache/struts/pull/350
parameter = token "=" ( token / **quoted-string** )
Note: Unlike some similar constructs in other header fields, media
type parameters **do not allow whitespace (even "bad" whitespace)
around the "=" character.**
Reference: https://tools.ietf.org/html/rfc7231#section-3.1.1.1
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> File upload fails from certain clients
> --------------------------------------
>
> Key: WW-4958
> URL: https://issues.apache.org/jira/browse/WW-4958
> Project: Struts 2
> Issue Type: Bug
> Components: Dispatch Filter
> Affects Versions: 2.5.17
> Reporter: Tamás Faragó
> Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> 2.5.11 added more validation on whether to accept file uploads. Previously
> there was only a check if the HTTP header contained "multipart/form-data",
> now there is the following regex in Dispatcher::isMultipartRequest.
>
> {quote}public static final String MULTIPART_FORM_DATA_REGEX =
> "^multipart/form-data(;
> boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
>
> This is too restrictive, apache http client for example adds a white space
> between the semicolon and "charset" and thus all file uploads are failing
> unless this regex is overwritten in the config.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
