esapi-java-legacy
HTTPUtilities.getFileUploads(...) does not allow access to other form posted parameters (FileItem form fields).
From [email protected] on March 04, 2011 14:05:49
The HTTPUtilities.getFileUploads(...) methods do not provide a means to get at non-file posted fields.
This could be fixed by either:
- Overloading the methods once again to provide a list that could be populated with the form fields.
- Creating another method that returns the list of files and the form fields.
I think the second approach would be better, but I wouldn't stop there. I feel the best approach would be to create a new interface and implementation specifically for file uploads, which allow returning both types of items. By doing this, the DefaultHTTPUtilities would no longer have a dependency on the apache-commons-fileupload code, so applications could use DefaultHTTPUtilities and not have to include the fileupload code if they didn't do any file uploads.
I've included a patch with the changes I would make. I didn't create any new unit tests, but the existing ones all pass.
Attachment: fileupload.patch.txt
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=213
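
One way the separate file-upload interface proposed in this issue could look, as an added example that is neither the attached patch nor ESAPI's own code. The names `UploadResult`, `FileUploadParser` and `CommonsFileUploadParser` are hypothetical, and the code assumes commons-fileupload 1.3 or later, the `javax.servlet` API and Java 8.

```java
// Added illustration; UploadResult and FileUploadParser are hypothetical names, not ESAPI API.
import java.io.File;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/** Hypothetical result type: uploaded files plus the ordinary form fields posted with them. */
final class UploadResult {
    final List<FileItem> files = new ArrayList<>();
    final Map<String, List<String>> formFields = new LinkedHashMap<>();
}

/** Hypothetical interface; code that never handles uploads need not load an implementation. */
interface FileUploadParser {
    UploadResult parse(HttpServletRequest request, File tempDir, long maxBytes)
            throws FileUploadException;
}

/** Only this class depends on commons-fileupload. */
final class CommonsFileUploadParser implements FileUploadParser {
    @Override
    public UploadResult parse(HttpServletRequest request, File tempDir, long maxBytes)
            throws FileUploadException {
        if (!ServletFileUpload.isMultipartContent(request)) {
            throw new FileUploadException("Request is not multipart/form-data");
        }
        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setRepository(tempDir);          // where large parts are spooled to disk
        ServletFileUpload upload = new ServletFileUpload(factory);
        upload.setSizeMax(maxBytes);             // cap on the whole request body

        UploadResult result = new UploadResult();
        for (FileItem item : upload.parseRequest(request)) {
            if (item.isFormField()) {
                // Untrusted input: validate before use, like any other request parameter.
                result.formFields
                      .computeIfAbsent(item.getFieldName(), k -> new ArrayList<>())
                      .add(item.getString());
            } else if (item.getName() != null && !item.getName().isEmpty()) {
                // File name and extension checks and final storage are left to the caller.
                result.files.add(item);
            }
        }
        return result;
    }
}
```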