As of 1.30rc1 you can construct an instance of the ServletMultipartRequest with an additional parameter: maxBytesExceededMode.
If you specify a mode of MultipartRequest.IGNORE_FILES_IF_MAX_BYES_EXCEEDEDIGNORE_PARAMETERS_IF_MAX_BYES_EXCEEDED,
all file parameter contents will be ignored, but normal parameters and file parameter filename / content-type info will be available.
A new method isMaxBytesExceeded() has been introduced so you can check if the upload has exceeded upload limits.
Using this functionality is a bit risky, because a Denial-of-service attack could still be initiated in several ways.
Because the InputStream is still being read, the potential to send a huge amount of data would still cause issues for the servlet engine, even if it is not saving it to disk, or to memory.
The getFile(strName), getFileContents(strName) and getFileSize(strName) methods will all return null or -1 if maxbytes has been exceeed, and the maxBytesExceededMode is MultipartRequest.IGNORE_FILES_IF_MAX_BYES_EXCEEDEDIGNORE_PARAMETERS_IF_MAX_BYES_EXCEEDED
I will be uploading this update to the sourceforge site today.
I would appreciate it any feedback on the functionality please.
Thanks
Jason
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is it possible to get the name of the file that was uploaded if the file is > MAX_READ_BYTES and an IOException is thrown?
Thanks
Nope!
The complete process aborts before any of the processing actually occurs.
the Content-Lengh header is checked, and the exception thrown before even trying to read the input stream.
Regards
Jason
I guess we could process the complete upload, and ignore it, except for getting the filenames.
Hi,
As of 1.30rc1 you can construct an instance of the ServletMultipartRequest with an additional parameter: maxBytesExceededMode.
If you specify a mode of MultipartRequest.IGNORE_FILES_IF_MAX_BYES_EXCEEDEDIGNORE_PARAMETERS_IF_MAX_BYES_EXCEEDED,
all file parameter contents will be ignored, but normal parameters and file parameter filename / content-type info will be available.
A new method isMaxBytesExceeded() has been introduced so you can check if the upload has exceeded upload limits.
Using this functionality is a bit risky, because a Denial-of-service attack could still be initiated in several ways.
Because the InputStream is still being read, the potential to send a huge amount of data would still cause issues for the servlet engine, even if it is not saving it to disk, or to memory.
The getFile(strName), getFileContents(strName) and getFileSize(strName) methods will all return null or -1 if maxbytes has been exceeed, and the maxBytesExceededMode is MultipartRequest.IGNORE_FILES_IF_MAX_BYES_EXCEEDEDIGNORE_PARAMETERS_IF_MAX_BYES_EXCEEDED
I will be uploading this update to the sourceforge site today.
I would appreciate it any feedback on the functionality please.
Thanks
Jason
Hi,
That should be:
MultipartRequest.IGNORE_FILES_IF_MAX_BYES_EXCEED
A cut and paste error :-)
1.30rc1 has been released with this functionality.
Cheers
Jason