I assume that this is the related ticket to this [1], right? [1] https://issues.apache.org/jira/browse/WW-4818
2017-07-14 15:46 GMT+02:00 Adam Brin <ab...@digitalantiquity.org>: > We have a number of API components that include a textBody as part of the > multipart request. In 2.5.12, these requests are being kicked out (while > in 2.5.10 they were fine. changing the constant: > > <constant name="struts.multipart.validationRegex" value="(.*)"/> > > to allow anything (as in the example) seems to fix the issue, but this > seems imprudent. This is the code that's making the API call, which seems > harmless enough: > > // using the > org.apache.http.entity.mime.MultipartEntityBuilder > > MultipartEntityBuilder builder = MultipartEntityBuilder.create(); > > builder.addTextBody("record", docXml, ContentType.create( > "application/xml", Consts.UTF_8)); > > builder.addTextBody(ACCOUNT_ID, accountId.toString()); > > HttpPost post = new HttpPost(baseUrl + API_INGEST_UPDATE_FILES); > > post.setEntity(builder.build()); > > CloseableHttpResponse response = getHttpClient().execute(post); > > > In looking deeper, (with the http requests on trace, we see multipart > boundaries of: > > Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C*-* > CTbP2fNljGAOVk[\r][\n] > > > It looks like the RFC does include hyphens in the boundaries too: > https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html though I'm less > sure about other characters. I worry this default regex will likely trip > up lots of uploads silently, > -- > _________________________________________________________ > Adam Brin > Director of Technology, Digital Antiquity > 480.965.1278 --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org