This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/trunk by this push: new d0144d9 Improved: Increase the size of http.upload.max.sizethreshold d0144d9 is described below commit d0144d96e127e93d4f9fbe2b2f0a3604e77eca10 Author: Jacques Le Roux <[hidden email]> AuthorDate: Sun Apr 19 15:41:10 2020 +0200 Improved: Increase the size of http.upload.max.sizethreshold (OFBIZ-11598) That's rather refactoring to avoid to have the size hardcoded in several places Next: ask if it's OK for everyone to increase the size --- .../content/content/UploadContentAndImage.java | 24 ++++-- .../apache/ofbiz/content/layout/LayoutWorker.java | 16 +++- .../java/org/apache/ofbiz/base/util/UtilHttp.java | 91 ++++++++++++++-------- 3 files changed, 91 insertions(+), 40 deletions(-)
diff --git a/applications/content/src/main/java/org/apache/ofbiz/content/content/UploadContentAndImage.java b/applications/content/src/main/java/org/apache/ofbiz/content/content/UploadContentAndImage.java
index 7f33e37..8d40d4c 100644
--- a/applications/content/src/main/java/org/apache/ofbiz/content/content/UploadContentAndImage.java
+++ b/applications/content/src/main/java/org/apache/ofbiz/content/content/UploadContentAndImage.java
@@ -18,6 +18,7 @@
 *******************************************************************************/
 package org.apache.ofbiz.content.content;
+import java.io.File;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -33,7 +34,6 @@ import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.ofbiz.base.util.Debug;
-import org.apache.ofbiz.base.util.FileUtil;
 import org.apache.ofbiz.base.util.StringUtil;
 import org.apache.ofbiz.base.util.UtilDateTime;
 import org.apache.ofbiz.base.util.UtilGenerics;
@@ -76,10 +76,15 @@ public class UploadContentAndImage {
 HttpSession session = request.getSession();
 GenericValue userLogin = (GenericValue)session.getAttribute("userLogin");
- ServletFileUpload dfu = new ServletFileUpload(new DiskFileItemFactory(10240, FileUtil.getFile("runtime/tmp")));
+ long maxUploadSize = UtilHttp.getMaxUploadSize(delegator);
+ int sizeThreshold = UtilHttp.getSizeThreshold(delegator);
+ File tmpUploadRepository = UtilHttp.getTmpUploadRepository(delegator);
+
+ ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+ upload.setSizeMax(maxUploadSize);
 List<FileItem> lst = null;
 try {
- lst = UtilGenerics.cast(dfu.parseRequest(request));
+ lst = UtilGenerics.cast(upload.parseRequest(request));
 } catch (FileUploadException e4) {
 request.setAttribute("_ERROR_MESSAGE_", e4.getMessage());
 Debug.logError("[UploadContentAndImage.uploadContentAndImage] " + e4.getMessage(), MODULE);
@@ -188,7 +193,7 @@ public class UploadContentAndImage {
 if (UtilValidate.isEmpty(ftlContentId)) {
 ftlContentId = passedContentId;
- }
+ }
 String ftlDataResourceId = drid;
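Review bot: The temporary upload directory in the hunk at -76 is now resolved differently from before: the removed line used `FileUtil.getFile("runtime/tmp")`, while `UtilHttp.getTmpUploadRepository` (added later in this commit) returns `new File(...)` on the raw property value, so a relative value such as the default `runtime/tmp` is resolved against the JVM working directory. FileUtil.getFile is not shown on this page; if it anchors relative paths to the OFBiz home, request bodies larger than the threshold may now be spooled to a different directory whenever the process is started from another location. Keeping the old resolution inside the helper, `return FileUtil.getFile(tmpUploadRepository);`, would preserve behaviour for this call site and for the one in the hunk at -335. The enclosing method starts and ends outside the hunk, and `delegator` is declared outside it.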
@@ -335,11 +340,18 @@ public class UploadContentAndImage {
 try {
 HttpSession session = request.getSession();
 GenericValue userLogin = (GenericValue)session.getAttribute("userLogin");
+ Delegator delegator = (Delegator)request.getAttribute("delegator");
+
+ long maxUploadSize = UtilHttp.getMaxUploadSize(delegator);
+ int sizeThreshold = UtilHttp.getSizeThreshold(delegator);
+ File tmpUploadRepository = UtilHttp.getTmpUploadRepository(delegator);
+
+ ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+ upload.setSizeMax(maxUploadSize);
- ServletFileUpload dfu = new ServletFileUpload(new DiskFileItemFactory(10240, FileUtil.getFile("runtime/tmp")));
 List<FileItem> lst = null;
 try {
- lst = UtilGenerics.cast(dfu.parseRequest(request));
+ lst = UtilGenerics.cast(upload.parseRequest(request));
 } catch (FileUploadException e4) {
 request.setAttribute("_ERROR_MESSAGE_", e4.getMessage());
 Debug.logError("[UploadContentAndImage.uploadContentAndImage] " + e4.getMessage(), MODULE);
diff --git a/applications/content/src/main/java/org/apache/ofbiz/content/layout/LayoutWorker.java b/applications/content/src/main/java/org/apache/ofbiz/content/layout/LayoutWorker.java
index 8b63e9e..a3302bc 100644
--- a/applications/content/src/main/java/org/apache/ofbiz/content/layout/LayoutWorker.java
+++ b/applications/content/src/main/java/org/apache/ofbiz/content/layout/LayoutWorker.java
@@ -36,6 +36,7 @@ import org.apache.ofbiz.base.util.UtilHttp;
 import org.apache.ofbiz.base.util.UtilMisc;
 import org.apache.ofbiz.base.util.UtilProperties;
 import org.apache.ofbiz.base.util.UtilValidate;
+import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.service.ServiceUtil;
 /**
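Review bot: The upload setup added in the UploadContentAndImage hunk at -335 is a copy of the block in the hunk at -76, and the same lines appear again in LayoutWorker (-59) and UtilHttp (-183), so the size limit is still wired up by hand at four call sites. A single factory in UtilHttp that returns an already configured `ServletFileUpload` would keep the threshold, the repository and `setSizeMax` together, so a later change to the limits cannot miss a caller; each caller would shrink to something like `ServletFileUpload upload = UtilHttp.createFileUpload(delegator);` (the name is only a suggestion, no such method exists in this commit). Separately, the value of `request.getAttribute("delegator")` is cast and passed on without a null check here and in LayoutWorker; how the three helpers behave with a null delegator is not visible in this diff. The enclosing method continues outside the hunk.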
@@ -59,10 +60,19 @@ public final class LayoutWorker {
 Map<String, Object> results = new HashMap<>();
 Map<String, String> formInput = new HashMap<>();
 results.put("formInput", formInput);
- ServletFileUpload fu = new ServletFileUpload(new DiskFileItemFactory(10240, new File(new File("runtime"), "tmp")));
+
+ Delegator delegator = (Delegator)request.getAttribute("delegator");
+
+ long maxUploadSize = UtilHttp.getMaxUploadSize(delegator);
+ int sizeThreshold = UtilHttp.getSizeThreshold(delegator);
+ File tmpUploadRepository = UtilHttp.getTmpUploadRepository(delegator);
+
+ ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+ upload.setSizeMax(maxUploadSize);
+
 List<FileItem> lst = null;
 try {
- lst = UtilGenerics.cast(fu.parseRequest(request));
+ lst = UtilGenerics.cast(upload.parseRequest(request));
 } catch (FileUploadException e4) {
 return ServiceUtil.returnError(e4.getMessage());
 }
@@ -98,7 +108,7 @@ public final class LayoutWorker {
 }
 if (imageFi == null) {
- String errMsg = UtilProperties.getMessage(err_resource,
+ String errMsg = UtilProperties.getMessage(err_resource,
 "layoutEvents.image_null", UtilMisc.toMap("imageFi", imageFi), locale);
 request.setAttribute("_ERROR_MESSAGE_", errMsg);
 return null;
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
index bfd0234..68b8b6b 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
@@ -66,7 +66,6 @@ import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.fileupload.servlet.ServletRequestContext;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
@@ -183,32 +182,16 @@ public final class UtilHttp { HttpSession session = request.getSession(); boolean isMultiPart = ServletFileUpload.isMultipartContent(request); if (isMultiPart) { - // get the http upload configuration - String maxSizeStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.size", "-1", delegator); - long maxUploadSize = -1; - try { - maxUploadSize = Long.parseLong(maxSizeStr); - } catch (NumberFormatException e) { - Debug.logError(e, "Unable to obtain the max upload size from general.properties; using default -1", MODULE); - maxUploadSize = -1; - } - // get the http size threshold configuration - files bigger than this will be - // temporarly stored on disk during upload - String sizeThresholdStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.sizethreshold", "10240", delegator); - int sizeThreshold = 10240; // 10K - try { - sizeThreshold = Integer.parseInt(sizeThresholdStr); - } catch (NumberFormatException e) { - Debug.logError(e, "Unable to obtain the threshold size from general.properties; using default 10K", MODULE); - sizeThreshold = -1; - } - // directory used to temporarily store files that are larger than the configured size threshold - String tmpUploadRepository = EntityUtilProperties.getPropertyValue("general", "http.upload.tmprepository", "runtime/tmp", delegator); + long maxUploadSize = getMaxUploadSize(delegator); + int sizeThreshold = getSizeThreshold(delegator); + File tmpUploadRepository = getTmpUploadRepository(delegator); + String encoding = request.getCharacterEncoding(); // check for multipart content types which may have uploaded items - ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, new File(tmpUploadRepository))); - + ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository)); + upload.setSizeMax(maxUploadSize); + // create the progress listener and add it to the session 
FileUploadProgressListener listener = new FileUploadProgressListener(); upload.setProgressListener(listener); @@ -217,7 +200,6 @@ public final class UtilHttp { if (encoding != null) { upload.setHeaderEncoding(encoding); } - upload.setSizeMax(maxUploadSize); List<FileItem> uploadedItems = null; try { 
@@ -288,6 +270,53 @@ public final class UtilHttp {
 return multiPartMap;
 }
+ /**
+ * @param delegator
+ * @return maxUploadSize
+ */
+ public static long getMaxUploadSize(Delegator delegator) {
+ // get the HTTP upload configuration
+ String maxSizeStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.size", "-1", delegator);
+ long maxUploadSize = -1;
+ try {
+ maxUploadSize = Long.parseLong(maxSizeStr);
+ } catch (NumberFormatException e) {
+ Debug.logError(e, "Unable to obtain the max upload size from general.properties; using default -1", MODULE);
+ maxUploadSize = -1;
+ }
+ return maxUploadSize;
+ }
+
+ /**
+ * @param delegator
+ * @return sizeThreshold
+ */
+ public static int getSizeThreshold(Delegator delegator) {
+ // get the HTTP size threshold configuration - files bigger than this will be
+ // temporarily stored on disk during upload
+ String sizeThresholdStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.sizethreshold",
+ "10240", delegator);
+ int sizeThreshold = 10240; // 10K
+ try {
+ sizeThreshold = Integer.parseInt(sizeThresholdStr);
+ } catch (NumberFormatException e) {
+ Debug.logError(e, "Unable to obtain the threshold size from general.properties; using default 10K", MODULE);
+ sizeThreshold = -1;
+ }
+ return sizeThreshold;
+ }
+
+ /**
+ * @param delegator
+ * @return tmpUploadRepository
+ */
+ public static File getTmpUploadRepository(Delegator delegator) {
+ // directory used to temporarily store files that are larger than the configured size threshold
+ String tmpUploadRepository = EntityUtilProperties.getPropertyValue("general", "http.upload.tmprepository",
+ "runtime/tmp", delegator);
+ return new File(tmpUploadRepository);
+ }
+
 public static Map<String, Object> getQueryStringOnlyParameterMap(String queryString) {
 Map<String, Object> paramMap = new HashMap<>();
 if (UtilValidate.isNotEmpty(queryString)) {
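Review bot: In `getSizeThreshold` the `NumberFormatException` branch logs "using default 10K" but assigns `sizeThreshold = -1;`, so a malformed `http.upload.max.sizethreshold` yields a negative threshold instead of the announced default; `sizeThreshold = 10240;` would match the message (what `DiskFileItemFactory` does with a negative threshold is not shown here, but it is not the 10K the log claims). `getMaxUploadSize` falls back to -1 both when the property is absent and when it fails to parse, and commons-fileupload treats -1 passed to `setSizeMax` as "no limit", so every caller of these helpers accepts request bodies of any size unless the property is set correctly. A finite fallback on parse failure, and rejecting negative values other than an explicit -1, would make a configuration typo fail closed rather than open. The three Javadoc blocks carry only bare `@param`/`@return` tags; a summary sentence stating the unit (bytes) and the meaning of -1 would tell callers what they are getting.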
@@ -650,7 +679,7 @@ public final class UtilHttp { if (request.getContextPath().length() > 1) { appName = request.getContextPath().substring(1); } - // When you set a mountpoint which contains a slash inside its name (ie not only a slash as a trailer, which is possible), + // When you set a mountpoint which contains a slash inside its name (ie not only a slash as a trailer, which is possible), // as it's needed with OFBIZ-10765, OFBiz tries to create a cookie with a slash in its name and that's impossible. return appName.replaceAll("/","_"); } 
@@ -1117,18 +1146,18 @@ public final class UtilHttp { } } - /** The only x-content-type-options defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. + /** The only x-content-type-options defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. */ resp.addHeader("x-content-type-options", "nosniff"); - /** This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. - It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. + /** This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. + It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. Its unknown if that version honored this header. FireFox has still an open bug entry and "offers" only the noscript plugin - https://wiki.mozilla.org/Security/Features/XSS_Filter + https://wiki.mozilla.org/Security/Features/XSS_Filter https://bugzilla.mozilla.org/show_bug.cgi?id=528661 **/ - resp.addHeader("X-XSS-Protection","1; mode=block"); + resp.addHeader("X-XSS-Protection","1; mode=block"); resp.setHeader("Referrer-Policy", "no-referrer-when-downgrade"); // This is the default (in Firefox at least) |