[prev in list] [next in list] [prev in thread] [next in thread]
List: struts-dev
Subject: [jira] [Resolved] (WW-4818) Default Multipart validation regex is invalid
From: "Lukasz Lenart (JIRA)" <jira () apache ! org>
Date: 2017-07-30 10:02:00
Message-ID: JIRA.13087262.1500054944000.46051.1501408920617 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WW-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Lukasz Lenart resolved WW-4818.
-------------------------------
Resolution: Fixed
> Default Multipart validation regex is invalid
> ---------------------------------------------
>
> Key: WW-4818
> URL: https://issues.apache.org/jira/browse/WW-4818
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.12
> Reporter: adam brin
> Fix For: 2.5.13
>
>
> 2.5.12 introduced a regex matches for multipart requests. The default regex used, \
> however is significantly too strict based on the RFC, as well as common practice. \
> Specifically, at minimum, it needs to include the *hyphen* and more likely needs to \
> support all of the fields defined by the RFC \
> (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html). {quote}bcharsnospace := \
> DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / \
> "?"{quote} In basic testing, we've seen:
> {code} Content-Type: multipart/form-data; \
> boundary=BRKIypZ3Stvuclu7C-CTbP2fNljGAOVk[\r][\n]{code} (generated by the Apache \
> HttpClient) and
> {code}multipart/form-data; boundary=----WebKitFormBoundaryZGDtABnGWGozLAjh{code} \
> (generated by Safari)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic