[
https://issues.apache.org/jira/browse/WW-5616?focusedWorklogId=1006499&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1006499
]
ASF GitHub Bot logged work on WW-5616:
--------------------------------------
Author: ASF GitHub Bot
Created on: 21/Feb/26 19:56
Start Date: 21/Feb/26 19:56
Worklog Time Spent: 10m
Work Description: brianandle opened a new pull request, #1591:
URL: https://github.com/apache/struts/pull/1591
* Pull aspects into alignment with main/7.x+ AbstractMultiPartRequest.java
* Null check
* Update JakartaMultiPartRequest and JakartaStreamMultiPartRequest to use
isFile()
* Update cleanup text to mirror main/7.x+
Issue Time Tracking
-------------------
Worklog Id: (was: 1006499)
Remaining Estimate: 0h
Time Spent: 10m
> JakartaStreamMultiPartRequest warns on file delete if the file doesnt exist
> ---------------------------------------------------------------------------
>
> Key: WW-5616
> URL: https://issues.apache.org/jira/browse/WW-5616
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 6.8.0
> Reporter: Brian Andle
> Priority: Minor
> Fix For: 6.9.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> In the 6.x branch version of JakartaStreamMultiPartRequest.java we don't
> check that the file exists on cleanup and so the warn log message could raise
> unintentional concerns including potentially security concerts. The non
> stream version does an exists check (although maybe should have a isFile
> check instead).
>
> The main/7.x does a isFile check first in the cleanup in the Abstract so it's
> already addressed in 7.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
