[jira] [Work logged] (WW-5272) java.lang.UnsupportedOperationException in the Time component
[ https://issues.apache.org/jira/browse/WW-5272?focusedWorklogId=836093&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-836093 ] ASF GitHub Bot logged work on WW-5272: -- Author: ASF GitHub Bot Created on: 29/Dec/22 10:00 Start Date: 29/Dec/22 10:00 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #649: URL: https://github.com/apache/struts/pull/649#issuecomment-1367202782 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=649) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=649&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=649&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=649&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_coverage&view=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 836093) Time Spent: 0.5h (was: 20m) > java.lang.UnsupportedOperationException in the Time component > - > > Key: WW-5272 > URL: https://issues.apache.org/jira/browse/WW-5272 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 6.0.3 >Reporter: Massimiliano Del Matto >Priority: Major > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > We are facing a java.lang.UnsupportedOperationException on some java.sql.Time > fields in our frontend after migrating from 2.5.26 to 6.0.3. > Error 12/22/2022 09:52:20:122 Caused by: > java.lang.UnsupportedOperationException > Error 12/22/2022 09:52:20:122 at java.sql.Time.toInstant(Time.java:291) > Error 12/22/2022 09:52:20:122 at > org.apache.struts2.components.Date.end(Date.java:299) > Error 12/22/2022 09:52:20:122 at > org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(Comp
[GitHub] [struts] sonarcloud[bot] commented on pull request #649: [WW-5272] Extends to support java.sql.Time
sonarcloud[bot] commented on PR #649: URL: https://github.com/apache/struts/pull/649#issuecomment-1367202782 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=649) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=649&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=649&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=649&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=649&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_coverage&view=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=649&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Work logged] (WW-5273) Support fileupload using native Servlet API 3.1 logic
[ https://issues.apache.org/jira/browse/WW-5273?focusedWorklogId=836092&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-836092 ] ASF GitHub Bot logged work on WW-5273: -- Author: ASF GitHub Bot Created on: 29/Dec/22 10:00 Start Date: 29/Dec/22 10:00 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #650: URL: https://github.com/apache/struts/pull/650#issuecomment-1367202233 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=650) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [4 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [50.2% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 836092) Time Spent: 40m (was: 0.5h) > Support fileupload using native Servlet API 3.1 logic > - > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 40m > Remaining Estimate: 0h > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #650: [WW-5273] Supports file upload using Servlet API 3.1
sonarcloud[bot] commented on PR #650: URL: https://github.com/apache/struts/pull/650#issuecomment-1367202233 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=650) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [4 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [50.2% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-5272) java.lang.UnsupportedOperationException in the Time component
[ https://issues.apache.org/jira/browse/WW-5272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652791#comment-17652791 ] ASF subversion and git services commented on WW-5272: - Commit 08de24588ad5b88ec3554b476c9d3cf0fb47b32c in struts's branch refs/heads/WW-5272-time from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=08de24588 ] WW-5272 Extends to support java.sql.Time > java.lang.UnsupportedOperationException in the Time component > - > > Key: WW-5272 > URL: https://issues.apache.org/jira/browse/WW-5272 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 6.0.3 >Reporter: Massimiliano Del Matto >Priority: Major > Fix For: 6.2.0 > > Time Spent: 20m > Remaining Estimate: 0h > > We are facing a java.lang.UnsupportedOperationException on some java.sql.Time > fields in our frontend after migrating from 2.5.26 to 6.0.3. > Error 12/22/2022 09:52:20:122 Caused by: > java.lang.UnsupportedOperationException > Error 12/22/2022 09:52:20:122 at java.sql.Time.toInstant(Time.java:291) > Error 12/22/2022 09:52:20:122 at > org.apache.struts2.components.Date.end(Date.java:299) > Error 12/22/2022 09:52:20:122 at > org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:40) > Error 12/22/2022 09:52:20:122 at > JEE_jsp_pages_ReadTicketGoing_1671640129851._jspx_method_s_date_2(JEE_jsp_pages_ReadTicketGoing_1671640129851.java:408) > Error 12/22/2022 09:52:20:122 at > JEE_jsp_pages_ReadTicketGoing_1671640129851._jspx_method_s_form_0(JEE_jsp_pages_ReadTicketGoing_1671640129851.java:1950) > Error 12/22/2022 09:52:20:122 at > JEE_jsp_pages_ReadTicketGoing_1671640129851._jspService(JEE_jsp_pages_ReadTicketGoing_1671640129851.java:60) > ... > > At line 299 in Date.java there is no code related to java.sql.Time > [https://github.com/apache/struts/blob/STRUTS_6_0_3/core/src/main/java/org/apache/struts2/components/Date.java#L299] > > java.sql.Time extends java.util.Date so when dateObject is java.sql.Time is > treated like an instanceof java.util.Date and toInstant() throws the > UnsupportedOperationException. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5273) Support fileupload using native Servlet API 3.1 logic
[ https://issues.apache.org/jira/browse/WW-5273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652789#comment-17652789 ] ASF subversion and git services commented on WW-5273: - Commit 99e3992ed27bdbb82a902537ae9df07e7d65a9c1 in struts's branch refs/heads/WW-5273-servlet-upload from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=99e3992ed ] WW-5273 Supports file upload using Servlet API 3.1 > Support fileupload using native Servlet API 3.1 logic > - > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5266) Add configuration option for a per-file max size for multipart requests
[ https://issues.apache.org/jira/browse/WW-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5266. --- Resolution: Won't Fix > Add configuration option for a per-file max size for multipart requests > --- > > Key: WW-5266 > URL: https://issues.apache.org/jira/browse/WW-5266 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > > In addition to the existing `struts.multipart.maxSize`, allow the > configuration of a per-file max size using `struts.multipart.maxFileSize` -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (WW-5266) Add configuration option for a per-file max size for multipart requests
[
https://issues.apache.org/jira/browse/WW-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652786#comment-17652786
]
Lukasz Lenart edited comment on WW-5266 at 12/29/22 9:46 AM:
-
There is already {{maximumSize}} parameter in the file upload interceptor for
such needs
https://struts.apache.org/core-developers/file-upload.html#file-size-limits
was (Author: lukaszlenart):
There is already {{
> Add configuration option for a per-file max size for multipart requests
> ---
>
> Key: WW-5266
> URL: https://issues.apache.org/jira/browse/WW-5266
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.2.0
>
>
> In addition to the existing `struts.multipart.maxSize`, allow the
> configuration of a per-file max size using `struts.multipart.maxFileSize`
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Reopened] (WW-5266) Add configuration option for a per-file max size for multipart requests
[ https://issues.apache.org/jira/browse/WW-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart reopened WW-5266: --- > Add configuration option for a per-file max size for multipart requests > --- > > Key: WW-5266 > URL: https://issues.apache.org/jira/browse/WW-5266 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > > In addition to the existing `struts.multipart.maxSize`, allow the > configuration of a per-file max size using `struts.multipart.maxFileSize` -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5273) Support fileupload using native Servlet API 3.1 logic
[ https://issues.apache.org/jira/browse/WW-5273?focusedWorklogId=836090&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-836090 ] ASF GitHub Bot logged work on WW-5273: -- Author: ASF GitHub Bot Created on: 29/Dec/22 09:45 Start Date: 29/Dec/22 09:45 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #650: URL: https://github.com/apache/struts/pull/650#issuecomment-1367194607 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=650) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [2 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [13 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [50.2% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 836090) Time Spent: 20m (was: 10m) > Support fileupload using native Servlet API 3.1 logic > - > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (WW-5266) Add configuration option for a per-file max size for multipart requests
[
https://issues.apache.org/jira/browse/WW-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart closed WW-5266.
-
Resolution: Won't Fix
There is already {{
> Add configuration option for a per-file max size for multipart requests
> ---
>
> Key: WW-5266
> URL: https://issues.apache.org/jira/browse/WW-5266
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.2.0
>
>
> In addition to the existing `struts.multipart.maxSize`, allow the
> configuration of a per-file max size using `struts.multipart.maxFileSize`
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5273) Support fileupload using native Servlet API 3.1 logic
[
https://issues.apache.org/jira/browse/WW-5273?focusedWorklogId=836091&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-836091
]
ASF GitHub Bot logged work on WW-5273:
--
Author: ASF GitHub Bot
Created on: 29/Dec/22 09:45
Start Date: 29/Dec/22 09:45
Worklog Time Spent: 10m
Work Description: github-code-scanning[bot] commented on code in PR #650:
URL: https://github.com/apache/struts/pull/650#discussion_r1058848403
##
core/src/main/java/org/apache/struts2/dispatcher/multipart/ServletMultiPartRequest.java:
##
@@ -0,0 +1,246 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.dispatcher.multipart;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.dispatcher.LocalizedMessage;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.Part;
+import java.io.File;
+import java.io.IOException;
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * Pure Servlet API 3.1 based implementation
+ */
+public class ServletMultiPartRequest extends AbstractMultiPartRequest {
+
+private static final Logger LOG =
LogManager.getLogger(ServletMultiPartRequest.class);
+
+private Map> uploadedFiles = new HashMap<>();
+private Map> parameters = new HashMap<>();
+
+@Override
+public void parse(HttpServletRequest request, String saveDir) throws
IOException {
+try {
+if (isSizeLimitExceeded(request)) {
+applySizeLimitExceededError(request);
+return;
+}
+parseParts(request, saveDir);
+} catch (ServletException e) {
+LOG.warn("Error occurred during parsing of multi part request", e);
+LocalizedMessage errorMessage = buildErrorMessage(e, new
Object[]{e.getMessage()});
+if (!errors.contains(errorMessage)) {
+errors.add(errorMessage);
+}
+}
+}
+
+private void parseParts(HttpServletRequest request, String saveDir) throws
IOException, ServletException {
+Collection parts = request.getParts();
+if (parts.isEmpty()) {
+LocalizedMessage error = buildErrorMessage(new IOException(), new
Object[]{"No boundary defined!"});
+if (!errors.contains(error)) {
+errors.add(error);
+}
+return;
+}
+for (Part part : parts) {
+if (part.getSubmittedFileName() == null) { // normal field
+LOG.debug("Ignoring a normal form field: {}", part.getName());
+} else { // file upload
+LOG.debug("Storing file: {} in save dir: {}",
part.getSubmittedFileName(), saveDir);
Review Comment:
## Logging should not be vulnerable to injection attacks
Change this code to not log
user-controlled data. See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AYVdRXPwlHcyP0Z-M9IE&open=AYVdRXPwlHcyP0Z-M9IE&pullRequest=650";>SonarCloud
[Show more
details](https://github.com/apache/struts/security/code-scanning/205)
##
core/src/main/java/org/apache/struts2/dispatcher/multipart/ServletMultiPartRequest.java:
##
@@ -0,0 +1,246 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BAS
[GitHub] [struts] github-code-scanning[bot] commented on a diff in pull request #650: [WW-5273] Supports file upload using Servlet API 3.1
github-code-scanning[bot] commented on code in PR #650:
URL: https://github.com/apache/struts/pull/650#discussion_r1058848403
##
core/src/main/java/org/apache/struts2/dispatcher/multipart/ServletMultiPartRequest.java:
##
@@ -0,0 +1,246 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.dispatcher.multipart;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.dispatcher.LocalizedMessage;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.Part;
+import java.io.File;
+import java.io.IOException;
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * Pure Servlet API 3.1 based implementation
+ */
+public class ServletMultiPartRequest extends AbstractMultiPartRequest {
+
+private static final Logger LOG =
LogManager.getLogger(ServletMultiPartRequest.class);
+
+private Map> uploadedFiles = new HashMap<>();
+private Map> parameters = new HashMap<>();
+
+@Override
+public void parse(HttpServletRequest request, String saveDir) throws
IOException {
+try {
+if (isSizeLimitExceeded(request)) {
+applySizeLimitExceededError(request);
+return;
+}
+parseParts(request, saveDir);
+} catch (ServletException e) {
+LOG.warn("Error occurred during parsing of multi part request", e);
+LocalizedMessage errorMessage = buildErrorMessage(e, new
Object[]{e.getMessage()});
+if (!errors.contains(errorMessage)) {
+errors.add(errorMessage);
+}
+}
+}
+
+private void parseParts(HttpServletRequest request, String saveDir) throws
IOException, ServletException {
+Collection parts = request.getParts();
+if (parts.isEmpty()) {
+LocalizedMessage error = buildErrorMessage(new IOException(), new
Object[]{"No boundary defined!"});
+if (!errors.contains(error)) {
+errors.add(error);
+}
+return;
+}
+for (Part part : parts) {
+if (part.getSubmittedFileName() == null) { // normal field
+LOG.debug("Ignoring a normal form field: {}", part.getName());
+} else { // file upload
+LOG.debug("Storing file: {} in save dir: {}",
part.getSubmittedFileName(), saveDir);
Review Comment:
## Logging should not be vulnerable to injection attacks
Change this code to not log
user-controlled data. See more on https://sonarcloud.io/project/issues?id=apache_struts&issues=AYVdRXPwlHcyP0Z-M9IE&open=AYVdRXPwlHcyP0Z-M9IE&pullRequest=650";>SonarCloud
[Show more
details](https://github.com/apache/struts/security/code-scanning/205)
##
core/src/main/java/org/apache/struts2/dispatcher/multipart/ServletMultiPartRequest.java:
##
@@ -0,0 +1,246 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.dispatcher.multipart;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.dispatcher.LocalizedMessage;
+
+import javax.servlet.Servle
[jira] [Updated] (WW-2278) Move S2 Tags into a plugin
[ https://issues.apache.org/jira/browse/WW-2278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-2278: -- Fix Version/s: 7.0.0 (was: 6.2.0) > Move S2 Tags into a plugin > -- > > Key: WW-2278 > URL: https://issues.apache.org/jira/browse/WW-2278 > Project: Struts 2 > Issue Type: Task > Components: Plugin - Tags >Affects Versions: 2.1.0 >Reporter: Ted Husted >Priority: Major > Fix For: 7.0.0 > > > See tread on list "Should tags be their own plugin?" beginning 5 Oct 2007. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #650: [WW-5273] Supports file upload using Servlet API 3.1
sonarcloud[bot] commented on PR #650: URL: https://github.com/apache/struts/pull/650#issuecomment-1367194607 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=650) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [2 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=650&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [13 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=650&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [50.2% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=650&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (WW-4393) Move FreeMarker support into dedicated plugin
[ https://issues.apache.org/jira/browse/WW-4393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4393: -- Fix Version/s: 7.0.0 (was: 6.2.0) > Move FreeMarker support into dedicated plugin > - > > Key: WW-4393 > URL: https://issues.apache.org/jira/browse/WW-4393 > Project: Struts 2 > Issue Type: Improvement >Reporter: Lukasz Lenart >Priority: Major > Fix For: 7.0.0 > > > The same as WW-4243 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-5273) Support fileupload using native Servlet API 3.1 logic
[ https://issues.apache.org/jira/browse/WW-5273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-5273: -- Summary: Support fileupload using native Servlet API 3.1 logic (was: Migrate Commons Fileupload to native Servlet-based multipart file upload) > Support fileupload using native Servlet API 3.1 logic > - > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-5233) Include Apache Tiles code base in the Tiles plugin
[ https://issues.apache.org/jira/browse/WW-5233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-5233: -- Fix Version/s: 7.0.0 (was: 6.2.0) > Include Apache Tiles code base in the Tiles plugin > -- > > Key: WW-5233 > URL: https://issues.apache.org/jira/browse/WW-5233 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Tiles >Reporter: Lukasz Lenart >Priority: Major > Fix For: 7.0.0 > > Time Spent: 3h > Remaining Estimate: 0h > > Apache Tiles has retired and it isn't maintained anymore. There are some > outstanding security issues that can be addressed right now. It will be > easier to maintain the code base as a part of the Tiles plugin instead of > taking the project back from attick. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5273) Migrate Commons Fileupload to native Servlet-based multipart file upload
[ https://issues.apache.org/jira/browse/WW-5273?focusedWorklogId=836089&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-836089 ] ASF GitHub Bot logged work on WW-5273: -- Author: ASF GitHub Bot Created on: 29/Dec/22 09:37 Start Date: 29/Dec/22 09:37 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #650: URL: https://github.com/apache/struts/pull/650 Also documents update is needed Closes [WW-5273](https://issues.apache.org/jira/browse/WW-5273) Issue Time Tracking --- Worklog Id: (was: 836089) Remaining Estimate: 0h Time Spent: 10m > Migrate Commons Fileupload to native Servlet-based multipart file upload > > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5273) Migrate Commons Fileupload to native Servlet-based multipart file upload
[ https://issues.apache.org/jira/browse/WW-5273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652784#comment-17652784 ] ASF subversion and git services commented on WW-5273: - Commit f92e3b945dd69d18034c6aa09ad6dcbec128f1fc in struts's branch refs/heads/WW-5273-servlet-upload from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=f92e3b945 ] WW-5273 Supports file upload using Servlet API 3.1 > Migrate Commons Fileupload to native Servlet-based multipart file upload > > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
