In the automated testing we run on our application there was not one test that passed that used a browser backend be it Chrome or HtmlUnit without adjusting the regular expression.
On Mon, Jul 17, 2017 at 5:29 AM, Adam Brin <ab...@digitalantiquity.org> wrote: > Hi Lukasz, > Yes, > > - adam > > On Sun, Jul 16, 2017 at 11:03 PM, Lukasz Lenart <lukaszlen...@apache.org> > wrote: > >> I assume that this is the related ticket to this [1], right? >> >> [1] https://issues.apache.org/jira/browse/WW-4818 >> >> 2017-07-14 15:46 GMT+02:00 Adam Brin <ab...@digitalantiquity.org>: >> > We have a number of API components that include a textBody as part of >> the >> > multipart request. In 2.5.12, these requests are being kicked out >> (while >> > in 2.5.10 they were fine. changing the constant: >> > >> > <constant name="struts.multipart.validationRegex" value="(.*)"/> >> > >> > to allow anything (as in the example) seems to fix the issue, but this >> > seems imprudent. This is the code that's making the API call, which >> seems >> > harmless enough: >> > >> > // using the >> > org.apache.http.entity.mime.MultipartEntityBuilder >> > >> > MultipartEntityBuilder builder = MultipartEntityBuilder.create( >> ); >> > >> > builder.addTextBody("record", docXml, ContentType.create( >> > "application/xml", Consts.UTF_8)); >> > >> > builder.addTextBody(ACCOUNT_ID, accountId.toString()); >> > >> > HttpPost post = new HttpPost(baseUrl + API_INGEST_UPDATE_FILES); >> > >> > post.setEntity(builder.build()); >> > >> > CloseableHttpResponse response = getHttpClient().execute(post); >> > >> > >> > In looking deeper, (with the http requests on trace, we see multipart >> > boundaries of: >> > >> > Content-Type: multipart/form-data; boundary=BRKIypZ3Stvuclu7C*-* >> > CTbP2fNljGAOVk[\r][\n] >> > >> > >> > It looks like the RFC does include hyphens in the boundaries too: >> > https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html though I'm less >> > sure about other characters. I worry this default regex will likely >> trip >> > up lots of uploads silently, >> > -- >> > _________________________________________________________ >> > Adam Brin >> > Director of Technology, Digital Antiquity >> > 480.965.1278 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > > -- > _________________________________________________________ > Adam Brin > Director of Technology, Digital Antiquity > 480.965.1278 <(480)%20965-1278> > -- _________________________________________________________ Adam Brin Director of Technology, Digital Antiquity 480.965.1278