[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[
https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694333#comment-17694333
]
Lukasz Lenart commented on WW-5285:
---
The current implementation is a global option, the same as
{{struts.multipart.maxSize}} which applies to whole request (and not to a
single file). The {{maximumSize}} option in interceptor applies to a single
file, and checking the number of files here is way too late as the request was
already parsed.
https://struts.apache.org/core-developers/file-upload.html#file-size-limits
> Upgrade commons-fileupload to ver 1.5 and add option to limit number of
> accepted files
> --
>
> Key: WW-5285
> URL: https://issues.apache.org/jira/browse/WW-5285
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 6.2.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> With a new version of commons-fileupload a new option has been added to limit
> number of uploaded files (not size, but number). It would be good to support
> this in Struts as well by adding a new constant "struts.multipart.maxFiles"
> [https://github.com/apache/commons-fileupload/pull/185]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694335#comment-17694335 ] ASF subversion and git services commented on WW-5285: - Commit 253cd9f5301c8a4920ccca28e8f8c318b3102352 in struts's branch refs/heads/WW-5285-max-files from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=253cd9f53 ] WW-5285 Uses Long and null to check if option has been defined > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 40m > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] lukaszlenart commented on a diff in pull request #662: [WW-5285] Limits max number of files to upload at once
lukaszlenart commented on code in PR #662:
URL: https://github.com/apache/struts/pull/662#discussion_r1119623122
##
core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java:
##
@@ -54,6 +54,12 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
protected long maxSize;
protected boolean maxSizeProvided;
+/**
+ * Specifies the maximum number of files in one request.
+ */
+protected long maxFiles;
+protected boolean maxFilesProvided;
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Work logged] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[
https://issues.apache.org/jira/browse/WW-5285?focusedWorklogId=847939&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-847939
]
ASF GitHub Bot logged work on WW-5285:
--
Author: ASF GitHub Bot
Created on: 28/Feb/23 06:27
Start Date: 28/Feb/23 06:27
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on code in PR #662:
URL: https://github.com/apache/struts/pull/662#discussion_r1119623122
##
core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java:
##
@@ -54,6 +54,12 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
protected long maxSize;
protected boolean maxSizeProvided;
+/**
+ * Specifies the maximum number of files in one request.
+ */
+protected long maxFiles;
+protected boolean maxFilesProvided;
Review Comment:
Done
Issue Time Tracking
---
Worklog Id: (was: 847939)
Time Spent: 50m (was: 40m)
> Upgrade commons-fileupload to ver 1.5 and add option to limit number of
> accepted files
> --
>
> Key: WW-5285
> URL: https://issues.apache.org/jira/browse/WW-5285
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 6.2.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> With a new version of commons-fileupload a new option has been added to limit
> number of uploaded files (not size, but number). It would be good to support
> this in Struts as well by adding a new constant "struts.multipart.maxFiles"
> [https://github.com/apache/commons-fileupload/pull/185]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #662: [WW-5285] Limits max number of files to upload at once
sonarcloud[bot] commented on PR #662: URL: https://github.com/apache/struts/pull/662#issuecomment-1447659594 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=662) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [1 Bug](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [44.9% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Work logged] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?focusedWorklogId=847943&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-847943 ] ASF GitHub Bot logged work on WW-5285: -- Author: ASF GitHub Bot Created on: 28/Feb/23 06:34 Start Date: 28/Feb/23 06:34 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #662: URL: https://github.com/apache/struts/pull/662#issuecomment-1447659594 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=662) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [1 Bug](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [44.9% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 847943) Time Spent: 1h (was: 50m) > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694344#comment-17694344 ] Kusal Kithul-Godage commented on WW-5285: - [~lukaszlenart] Makes sense - so `struts.multipart.maxFiles` is in a way intended to be a security option to prevent the parsing of a request with over a certain number of files. So is there no similar need based on a file's max size? This was my intention with WW-5266. Given the existence of `org.apache.commons.fileupload.FileUploadBase#setFileSizeMax`, it would be a trivial addition - if you think it is worthwhile that is. > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694357#comment-17694357 ] Lukasz Lenart commented on WW-5285: --- Yes, it's a security option. And now I see WW-5266 can be implemented as there is a direct support in commons-fileupload, yet having this in interceptor is a bit too late, it must be also a global option to be applied once the MultipartParser is created. > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694358#comment-17694358 ] ASF subversion and git services commented on WW-5285: - Commit 13c93aaa75bea84ee8f597af02975bbcc655cd03 in struts's branch refs/heads/WW-5285-max-files from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=13c93aaa7 ] WW-5285 Uses Long and null to check if option has been defined > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694361#comment-17694361 ] Kusal Kithul-Godage commented on WW-5285: - [~lukaszlenart] Yep that was my original intention, once your existing multipart PRs are merged, and when I find time, I will put up a PR with this new global option for you to consider. > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Reopened] (WW-5266) Add configuration option for a per-file max size for multipart requests
[ https://issues.apache.org/jira/browse/WW-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart reopened WW-5266: --- > Add configuration option for a per-file max size for multipart requests > --- > > Key: WW-5266 > URL: https://issues.apache.org/jira/browse/WW-5266 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > > In addition to the existing `struts.multipart.maxSize`, allow the > configuration of a per-file max size using `struts.multipart.maxFileSize` -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694363#comment-17694363 ] Lukasz Lenart commented on WW-5285: --- Cool, sorry that I missed that in the beginning :) > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #662: [WW-5285] Limits max number of files to upload at once
sonarcloud[bot] commented on PR #662: URL: https://github.com/apache/struts/pull/662#issuecomment-1447695608 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=662) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [44.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Work logged] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?focusedWorklogId=847953&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-847953 ] ASF GitHub Bot logged work on WW-5285: -- Author: ASF GitHub Bot Created on: 28/Feb/23 07:17 Start Date: 28/Feb/23 07:17 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #662: URL: https://github.com/apache/struts/pull/662#issuecomment-1447695608 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=662) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=662&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=662&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [44.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=662&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 847953) Time Spent: 1h 10m (was: 1h) > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5285) Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files
[ https://issues.apache.org/jira/browse/WW-5285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694370#comment-17694370 ] Kusal Kithul-Godage commented on WW-5285: - No problem - it's good to discuss and clarify > Upgrade commons-fileupload to ver 1.5 and add option to limit number of > accepted files > -- > > Key: WW-5285 > URL: https://issues.apache.org/jira/browse/WW-5285 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > With a new version of commons-fileupload a new option has been added to limit > number of uploaded files (not size, but number). It would be good to support > this in Struts as well by adding a new constant "struts.multipart.maxFiles" > [https://github.com/apache/commons-fileupload/pull/185] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] lukaszlenart commented on pull request #660: WW-5268 Ability to exempt classes from package exclusions
lukaszlenart commented on PR #660: URL: https://github.com/apache/struts/pull/660#issuecomment-1447702689 LGTM 👍 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694373#comment-17694373 ] Lukasz Lenart commented on WW-5268: --- I wonder if such mechanism shouldn't be moved into OGNL directly with option to configure/extend it by Struts when needed. Right now we are ending up with a bunch of similar options which are applied in normal mode or in devMode. I need to finish refactoring OGNL and make this option available there. > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?focusedWorklogId=847956&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-847956 ] ASF GitHub Bot logged work on WW-5268: -- Author: ASF GitHub Bot Created on: 28/Feb/23 07:25 Start Date: 28/Feb/23 07:25 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #660: URL: https://github.com/apache/struts/pull/660#issuecomment-1447702689 LGTM 👍 Issue Time Tracking --- Worklog Id: (was: 847956) Time Spent: 20m (was: 10m) > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 20m > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694374#comment-17694374 ] ASF subversion and git services commented on WW-5268: - Commit 5fcee890d593d6eb5034e836bb3cf9e565d7061d in struts's branch refs/heads/master from Kusal Kithul-Godage [ https://gitbox.apache.org/repos/asf?p=struts.git;h=5fcee890d ] WW-5268 Implement ability to specify exempt classes for package exclusions > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?focusedWorklogId=847957&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-847957 ] ASF GitHub Bot logged work on WW-5268: -- Author: ASF GitHub Bot Created on: 28/Feb/23 07:26 Start Date: 28/Feb/23 07:26 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #660: URL: https://github.com/apache/struts/pull/660 Issue Time Tracking --- Worklog Id: (was: 847957) Time Spent: 0.5h (was: 20m) > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694376#comment-17694376 ] Lukasz Lenart commented on WW-5268: --- [~kusal] could you update the docs as well? > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694375#comment-17694375 ] ASF subversion and git services commented on WW-5268: - Commit 6a27f460c0b3121101d93b39e6109eee09ffcdfa in struts's branch refs/heads/master from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=6a27f460c ] Merge pull request #660 from atlassian/WW-5268-excluded-package-exemptions WW-5268 Ability to exempt classes from package exclusions > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (WW-5273) Support fileupload using native Servlet API 3.1 logic
[ https://issues.apache.org/jira/browse/WW-5273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-5273. - Resolution: Won't Fix Instead this broken implementation we are going to wait on full Jakarta API support as stated in WW-5141 > Support fileupload using native Servlet API 3.1 logic > - > > Key: WW-5273 > URL: https://issues.apache.org/jira/browse/WW-5273 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 1h > Remaining Estimate: 0h > > Since Servlet API 3.1 there is no need in using Commons Fileupload as the > servlets support it. > https://stackoverflow.com/questions/68820707/jetty-11-and-commons-fileupload -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694382#comment-17694382 ] Kusal Kithul-Godage commented on WW-5268: - [~lukaszlenart] Yep! Where are the source files located? I haven't updated them before > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] lukaszlenart commented on pull request #650: [WW-5273] Supports file upload using Servlet API 3.1
lukaszlenart commented on PR #650: URL: https://github.com/apache/struts/pull/650#issuecomment-1447710045 Closing in favour of [WW-5141](https://issues.apache.org/jira/browse/WW-5141) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694389#comment-17694389 ] Lukasz Lenart commented on WW-5268: --- Here is a section [https://struts.apache.org/security/#internal-security-mechanism] And source is in GH, just another PR ;) [https://github.com/apache/struts-site/blob/master/source/security/index.md] > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
