remm 2003/11/15 01:45:02
Modified: catalina/src/share/org/apache/coyote/tomcat5 CoyoteConnector.java CoyoteRequest.java LocalStrings.properties Log: - Add a limit to the size of a POST which will be processed using
getParameter
(which does allocate a significant amount of objects).
int len = getContentLength();
if (len > 0) { + if (len > ((CoyoteConnector) connector).getMaxPostSize()) { + log(sm.getString("coyoteRequest.postTooLarge")); + return; + } try { byte[] formData = null; if (len < CACHED_POST_LEN) {
I'm -1 on this. It gives the Servlet no indication that anything is wrong, and leaves junk in the input stream for the next keep-alive request. I think that it would be better to handle this in the Adaptor's postParseRequest method.
This is a security issues, so I'll have to ignore your -1, since you give no alternative solution.
Remy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]