The default implementation of the + * {@link org.apache.commons.fileupload.FileItem FileItem} interface. + * + *
After retrieving an instance of this class from a {@link
+ * org.apache.commons.fileupload.DiskFileUpload DiskFileUpload} instance (see
+ * {@link org.apache.commons.fileupload.DiskFileUpload
+ * #parseRequest(javax.servlet.http.HttpServletRequest)}), you may
+ * either request all contents of file at once using {@link #get()} or
+ * request an {@link java.io.InputStream InputStream} with
+ * {@link #getInputStream()} and process the file without attempting to load
+ * it into memory, which may come handy with large files.
+ *
+ * @author Rafal Krzewski
+ * @author Sean Legassick
+ * @author Jason van Zyl
+ * @author John McNally
+ * @author Martin Cooper
+ * @author Sean C. Sullivan
+ *
+ * @version $Id: DefaultFileItem.java,v 1.21 2003/06/24 05:45:15 martinc Exp $
+ */
+public class DefaultFileItem
+ implements FileItem
+{
+
+ // ----------------------------------------------------------- Data members
+
+
+ /**
+ * Counter used in unique identifier generation.
+ */
+ private static int counter = 0;
+
+
+ /**
+ * The name of the form field as provided by the browser.
+ */
+ private String fieldName;
+
+
+ /**
+ * The content type passed by the browser, or null if
+ * not defined.
+ */
+ private String contentType;
+
+
+ /**
+ * Whether or not this item is a simple form field.
+ */
+ private boolean isFormField;
+
+
+ /**
+ * The original filename in the user's filesystem.
+ */
+ private String fileName;
+
+
+ /**
+ * The threshold above which uploads will be stored on disk.
+ */
+ private int sizeThreshold;
+
+
+ /**
+ * The directory in which uploaded files will be stored, if stored on disk.
+ */
+ private File repository;
+
+
+ /**
+ * Cached contents of the file.
+ */
+ private byte[] cachedContent;
+
+
+ /**
+ * Output stream for this item.
+ */
+ private DeferredFileOutputStream dfos;
+
+
+ // ----------------------------------------------------------- Constructors
+
+
+ /**
+ * Constructs a new DefaultFileItem instance.
+ *
+ * @param fieldName The name of the form field.
+ * @param contentType The content type passed by the browser or
+ * null if not specified.
+ * @param isFormField Whether or not this item is a plain form field, as
+ * opposed to a file upload.
+ * @param fileName The original filename in the user's filesystem, or
+ * null if not specified.
+ * @param sizeThreshold The threshold, in bytes, below which items will be
+ * retained in memory and above which they will be
+ * stored as a file.
+ * @param repository The data repository, which is the directory in
+ * which files will be created, should the item size
+ * exceed the threshold.
+ */
+ DefaultFileItem(String fieldName, String contentType, boolean isFormField,
+ String fileName, int sizeThreshold, File repository)
+ {
+ this.fieldName = fieldName;
+ this.contentType = contentType;
+ this.isFormField = isFormField;
+ this.fileName = fileName;
+ this.sizeThreshold = sizeThreshold;
+ this.repository = repository;
+ }
+
+
+ // ------------------------------- Methods from javax.activation.DataSource
+
+
+ /**
+ * Returns an {@link java.io.InputStream InputStream} that can be
+ * used to retrieve the contents of the file.
+ *
+ * @return An {@link java.io.InputStream InputStream} that can be
+ * used to retrieve the contents of the file.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public InputStream getInputStream()
+ throws IOException
+ {
+ if (!dfos.isInMemory())
+ {
+ return new FileInputStream(dfos.getFile());
+ }
+
+ if (cachedContent == null)
+ {
+ cachedContent = dfos.getData();
+ }
+ return new ByteArrayInputStream(cachedContent);
+ }
+
+
+ /**
+ * Returns the content type passed by the browser or null if
+ * not defined.
+ *
+ * @return The content type passed by the browser or null if
+ * not defined.
+ */
+ public String getContentType()
+ {
+ return contentType;
+ }
+
+
+ /**
+ * Returns the original filename in the client's filesystem.
+ *
+ * @return The original filename in the client's filesystem.
+ */
+ public String getName()
+ {
+ return fileName;
+ }
+
+
+ // ------------------------------------------------------- FileItem methods
+
+
+ /**
+ * Provides a hint as to whether or not the file contents will be read
+ * from memory.
+ *
+ * @return true if the file contents will be read
+ * from memory; false otherwise.
+ */
+ public boolean isInMemory()
+ {
+ return (dfos.isInMemory());
+ }
+
+
+ /**
+ * Returns the size of the file.
+ *
+ * @return The size of the file, in bytes.
+ */
+ public long getSize()
+ {
+ if (cachedContent != null)
+ {
+ return cachedContent.length;
+ }
+ else if (dfos.isInMemory())
+ {
+ return dfos.getData().length;
+ }
+ else
+ {
+ return dfos.getFile().length();
+ }
+ }
+
+
+ /**
+ * Returns the contents of the file as an array of bytes. If the
+ * contents of the file were not yet cached in memory, they will be
+ * loaded from the disk storage and cached.
+ *
+ * @return The contents of the file as an array of bytes.
+ */
+ public byte[] get()
+ {
+ if (dfos.isInMemory())
+ {
+ if (cachedContent == null)
+ {
+ cachedContent = dfos.getData();
+ }
+ return cachedContent;
+ }
+
+ byte[] fileData = new byte[(int) getSize()];
+ FileInputStream fis = null;
+
+ try
+ {
+ fis = new FileInputStream(dfos.getFile());
+ fis.read(fileData);
+ }
+ catch (IOException e)
+ {
+ fileData = null;
+ }
+ finally
+ {
+ if (fis != null)
+ {
+ try
+ {
+ fis.close();
+ }
+ catch (IOException e)
+ {
+ // ignore
+ }
+ }
+ }
+
+ return fileData;
+ }
+
+
+ /**
+ * Returns the contents of the file as a String, using the specified
+ * encoding. This method uses {@link #get()} to retrieve the
+ * contents of the file.
+ *
+ * @param encoding The character encoding to use.
+ *
+ * @return The contents of the file, as a string.
+ *
+ * @exception UnsupportedEncodingException if the requested character
+ * encoding is not available.
+ */
+ public String getString(String encoding)
+ throws UnsupportedEncodingException
+ {
+ return new String(get(), encoding);
+ }
+
+
+ /**
+ * Returns the contents of the file as a String, using the default
+ * character encoding. This method uses {@link #get()} to retrieve the
+ * contents of the file.
+ *
+ * @return The contents of the file, as a string.
+ */
+ public String getString()
+ {
+ return new String(get());
+ }
+
+
+ /**
+ * A convenience method to write an uploaded item to disk. The client code
+ * is not concerned with whether or not the item is stored in memory, or on
+ * disk in a temporary location. They just want to write the uploaded item
+ * to a file.
+ *
+ * This implementation first attempts to rename the uploaded item to the + * specified destination file, if the item was originally written to disk. + * Otherwise, the data will be copied to the specified file. + *
+ * This method is only guaranteed to work once, the first time it
+ * is invoked for a particular item. This is because, in the event that the
+ * method renames a temporary file, that file will no longer be available
+ * to copy or rename again at a later time.
+ *
+ * @param file The File into which the uploaded item should
+ * be stored.
+ *
+ * @exception Exception if an error occurs.
+ */
+ public void write(File file) throws Exception
+ {
+ if (isInMemory())
+ {
+ FileOutputStream fout = null;
+ try
+ {
+ fout = new FileOutputStream(file);
+ fout.write(get());
+ }
+ finally
+ {
+ if (fout != null)
+ {
+ fout.close();
+ }
+ }
+ }
+ else
+ {
+ File outputFile = getStoreLocation();
+ if (outputFile != null)
+ {
+ /*
+ * The uploaded file is being stored on disk
+ * in a temporary location so move it to the
+ * desired file.
+ */
+ if (!outputFile.renameTo(file))
+ {
+ BufferedInputStream in = null;
+ BufferedOutputStream out = null;
+ try
+ {
+ in = new BufferedInputStream(
+ new FileInputStream(outputFile));
+ out = new BufferedOutputStream(
+ new FileOutputStream(file));
+ byte[] bytes = new byte[2048];
+ int s = 0;
+ while ((s = in.read(bytes)) != -1)
+ {
+ out.write(bytes, 0, s);
+ }
+ }
+ finally
+ {
+ try
+ {
+ in.close();
+ }
+ catch (IOException e)
+ {
+ // ignore
+ }
+ try
+ {
+ out.close();
+ }
+ catch (IOException e)
+ {
+ // ignore
+ }
+ }
+ }
+ }
+ else
+ {
+ /*
+ * For whatever reason we cannot write the
+ * file to disk.
+ */
+ throw new FileUploadException(
+ "Cannot write uploaded file to disk!");
+ }
+ }
+ }
+
+
+ /**
+ * Deletes the underlying storage for a file item, including deleting any
+ * associated temporary disk file. Although this storage will be deleted
+ * automatically when the FileItem instance is garbage
+ * collected, this method can be used to ensure that this is done at an
+ * earlier time, thus preserving system resources.
+ */
+ public void delete()
+ {
+ cachedContent = null;
+ File outputFile = getStoreLocation();
+ if (outputFile != null && outputFile.exists())
+ {
+ outputFile.delete();
+ }
+ }
+
+
+ /**
+ * Returns the name of the field in the multipart form corresponding to
+ * this file item.
+ *
+ * @return The name of the form field.
+ *
+ * @see #setFieldName(java.lang.String)
+ *
+ */
+ public String getFieldName()
+ {
+ return fieldName;
+ }
+
+
+ /**
+ * Sets the field name used to reference this file item.
+ *
+ * @param fieldName The name of the form field.
+ *
+ * @see #getFieldName()
+ *
+ */
+ public void setFieldName(String fieldName)
+ {
+ this.fieldName = fieldName;
+ }
+
+
+ /**
+ * Determines whether or not a FileItem instance represents
+ * a simple form field.
+ *
+ * @return true if the instance represents a simple form
+ * field; false if it represents an uploaded file.
+ *
+ * @see #setFormField(boolean)
+ *
+ */
+ public boolean isFormField()
+ {
+ return isFormField;
+ }
+
+
+ /**
+ * Specifies whether or not a FileItem instance represents
+ * a simple form field.
+ *
+ * @param state true if the instance represents a simple form
+ * field; false if it represents an uploaded file.
+ *
+ * @see #isFormField()
+ *
+ */
+ public void setFormField(boolean state)
+ {
+ isFormField = state;
+ }
+
+
+ /**
+ * Returns an {@link java.io.OutputStream OutputStream} that can
+ * be used for storing the contents of the file.
+ *
+ * @return An {@link java.io.OutputStream OutputStream} that can be used
+ * for storing the contensts of the file.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public OutputStream getOutputStream()
+ throws IOException
+ {
+ if (dfos == null)
+ {
+ File outputFile = getTempFile();
+ dfos = new DeferredFileOutputStream(sizeThreshold, outputFile);
+ }
+ return dfos;
+ }
+
+
+ // --------------------------------------------------------- Public methods
+
+
+ /**
+ * Returns the {@link java.io.File} object for the FileItem's
+ * data's temporary location on the disk. Note that for
+ * FileItems that have their data stored in memory,
+ * this method will return null. When handling large
+ * files, you can use {@link java.io.File#renameTo(java.io.File)} to
+ * move the file to new location without copying the data, if the
+ * source and destination locations reside within the same logical
+ * volume.
+ *
+ * @return The data file, or null if the data is stored in
+ * memory.
+ */
+ public File getStoreLocation()
+ {
+ return dfos.getFile();
+ }
+
+
+ // ------------------------------------------------------ Protected methods
+
+
+ /**
+ * Removes the file contents from the temporary storage.
+ */
+ protected void finalize()
+ {
+ File outputFile = dfos.getFile();
+
+ if (outputFile != null && outputFile.exists())
+ {
+ outputFile.delete();
+ }
+ }
+
+
+ /**
+ * Creates and returns a {@link java.io.File File} representing a uniquely
+ * named temporary file in the configured repository path.
+ *
+ * @return The {@link java.io.File File} to be used for temporary storage.
+ */
+ protected File getTempFile()
+ {
+ File tempDir = repository;
+ if (tempDir == null)
+ {
+ tempDir = new File(System.getProperty("java.io.tmpdir"));
+ }
+
+ String fileName = "upload_" + getUniqueId() + ".tmp";
+
+ File f = new File(tempDir, fileName);
+ f.deleteOnExit();
+ return f;
+ }
+
+
+ // -------------------------------------------------------- Private methods
+
+
+ /**
+ * Returns an identifier that is unique within the class loader used to
+ * load this class, but does not have random-like apearance.
+ *
+ * @return A String with the non-random looking instance identifier.
+ */
+ private static String getUniqueId()
+ {
+ int current;
+ synchronized (DefaultFileItem.class)
+ {
+ current = counter++;
+ }
+ String id = Integer.toString(current);
+
+ // If you manage to get more than 100 million of ids, you'll
+ // start getting ids longer than 8 characters.
+ if (current < 100000000)
+ {
+ id = ("00000000" + id).substring(id.length());
+ }
+ return id;
+ }
+
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DefaultFileItemFactory.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DefaultFileItemFactory.java
new file mode 100644
index 00000000..4c0ed03c
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DefaultFileItemFactory.java
@@ -0,0 +1,234 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/DefaultFileItemFactory.java,v 1.2 2003/05/31 22:31:08 martinc Exp $
+ * $Revision: 1.2 $
+ * $Date: 2003/05/31 22:31:08 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ *
The default {@link org.apache.commons.fileupload.FileItemFactory} + * implementation. This implementation creates + * {@link org.apache.commons.fileupload.FileItem} instances which keep their + * content either in memory, for smaller items, or in a temporary file on disk, + * for larger items. The size threshold, above which content will be stored on + * disk, is configurable, as is the directory in which temporary files will be + * created.
+ * + *If not otherwise configured, the default configuration values are as + * follows: + *
System.getProperty("java.io.tmpdir").true if this is a plain form field;
+ * false otherwise.
+ * @param fileName The name of the uploaded file, if any, as supplied
+ * by the browser or other client.
+ *
+ * @return The newly created file item.
+ */
+ public FileItem createItem(
+ String fieldName,
+ String contentType,
+ boolean isFormField,
+ String fileName
+ )
+ {
+ if (isFormField == true) return new DefaultFileItem(fieldName, contentType, isFormField, fileName, sizeThreshold, repository);
+ else return new DefaultFileItem(fieldName, contentType, isFormField, fileName, 0, repository);
+ }
+
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DeferredFileOutputStream.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DeferredFileOutputStream.java
new file mode 100644
index 00000000..c89a3a50
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DeferredFileOutputStream.java
@@ -0,0 +1,218 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/DeferredFileOutputStream.java,v 1.2 2003/05/31 22:31:08 martinc Exp $
+ * $Revision: 1.2 $
+ * $Date: 2003/05/31 22:31:08 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * An output stream which will retain data in memory until a specified + * threshold is reached, and only then commit it to disk. If the stream is + * closed before the threshold is reached, the data will not be written to + * disk at all.
+ * + * @author Martin Cooper + * + * @version $Id: DeferredFileOutputStream.java,v 1.2 2003/05/31 22:31:08 martinc Exp $ + */ +public class DeferredFileOutputStream + extends ThresholdingOutputStream +{ + + // ----------------------------------------------------------- Data members + + + /** + * The output stream to which data will be written prior to the theshold + * being reached. + */ + private ByteArrayOutputStream memoryOutputStream; + + + /** + * The output stream to which data will be written after the theshold is + * reached. + */ + private FileOutputStream diskOutputStream; + + + /** + * The output stream to which data will be written at any given time. This + * will always be one ofmemoryOutputStream or
+ * diskOutputStream.
+ */
+ private OutputStream currentOutputStream;
+
+
+ /**
+ * The file to which output will be directed if the threshold is exceeded.
+ */
+ private File outputFile;
+
+
+ // ----------------------------------------------------------- Constructors
+
+
+ /**
+ * Constructs an instance of this class which will trigger an event at the
+ * specified threshold, and save data to a file beyond that point.
+ *
+ * @param threshold The number of bytes at which to trigger an event.
+ * @param outputFile The file to which data is saved beyond the threshold.
+ */
+ public DeferredFileOutputStream(int threshold, File outputFile)
+ {
+ super(threshold);
+ this.outputFile = outputFile;
+
+ memoryOutputStream = new ByteArrayOutputStream(threshold);
+ currentOutputStream = memoryOutputStream;
+ }
+
+
+ // --------------------------------------- ThresholdingOutputStream methods
+
+
+ /**
+ * Returns the current output stream. This may be memory based or disk
+ * based, depending on the current state with respect to the threshold.
+ *
+ * @return The underlying output stream.
+ *
+ * @exception IOException if an error occurs.
+ */
+ protected OutputStream getStream() throws IOException
+ {
+ return currentOutputStream;
+ }
+
+
+ /**
+ * Switches the underlying output stream from a memory based stream to one
+ * that is backed by disk. This is the point at which we realise that too
+ * much data is being written to keep in memory, so we elect to switch to
+ * disk-based storage.
+ *
+ * @exception IOException if an error occurs.
+ */
+ protected void thresholdReached() throws IOException
+ {
+ byte[] data = memoryOutputStream.toByteArray();
+ FileOutputStream fos = new FileOutputStream(outputFile);
+ fos.write(data);
+ diskOutputStream = fos;
+ currentOutputStream = fos;
+ memoryOutputStream = null;
+ }
+
+
+ // --------------------------------------------------------- Public methods
+
+
+ /**
+ * Determines whether or not the data for this output stream has been
+ * retained in memory.
+ *
+ * @return true if the data is available in memory;
+ * false otherwise.
+ */
+ public boolean isInMemory()
+ {
+ return (!isThresholdExceeded());
+ }
+
+
+ /**
+ * Returns the data for this output stream as an array of bytes, assuming
+ * that the data has been retained in memory. If the data was written to
+ * disk, this method returns null.
+ *
+ * @return The data for this output stream, or null if no such
+ * data is available.
+ */
+ public byte[] getData()
+ {
+ if (memoryOutputStream != null)
+ {
+ return memoryOutputStream.toByteArray();
+ }
+ return null;
+ }
+
+
+ /**
+ * Returns the data for this output stream as a File, assuming
+ * that the data was written to disk. If the data was retained in memory,
+ * this method returns null.
+ *
+ * @return The file for this output stream, or null if no such
+ * file exists.
+ */
+ public File getFile()
+ {
+ return outputFile;
+ }
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DiskFileUpload.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DiskFileUpload.java
new file mode 100644
index 00000000..e70c7733
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/DiskFileUpload.java
@@ -0,0 +1,248 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/DiskFileUpload.java,v 1.3 2003/06/01 00:18:13 martinc Exp $
+ * $Revision: 1.3 $
+ * $Date: 2003/06/01 00:18:13 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * High level API for processing file uploads.
+ * + *This class handles multiple files per single HTML widget, sent using
+ * multipart/mixed encoding type, as specified by
+ * RFC 1867. Use {@link
+ * #parseRequest(HttpServletRequest)} to acquire a list of {@link
+ * org.apache.commons.fileupload.FileItem}s associated with a given HTML
+ * widget.
Individual parts will be stored in temporary disk storage or in memory, + * depending on their size, and will be available as {@link + * org.apache.commons.fileupload.FileItem}s.
+ * + * @author Rafal Krzewski + * @author Daniel Rall + * @author Jason van Zyl + * @author John McNally + * @author Martin Cooper + * @author Sean C. Sullivan + * + * @version $Id: DiskFileUpload.java,v 1.3 2003/06/01 00:18:13 martinc Exp $ + */ +public class DiskFileUpload + extends FileUploadBase + { + + // ----------------------------------------------------------- Data members + + + /** + * The factory to use to create new form items. + */ + private DefaultFileItemFactory fileItemFactory; + + + // ----------------------------------------------------------- Constructors + + + /** + * Constructs an instance of this class which uses the default factory to + * createFileItem instances.
+ *
+ * @see #DiskFileUpload(DefaultFileItemFactory fileItemFactory)
+ */
+ public DiskFileUpload()
+ {
+ super();
+ this.fileItemFactory = new DefaultFileItemFactory();
+ }
+
+
+ /**
+ * Constructs an instance of this class which uses the supplied factory to
+ * create FileItem instances.
+ *
+ * @see #DiskFileUpload()
+ */
+ public DiskFileUpload(DefaultFileItemFactory fileItemFactory)
+ {
+ super();
+ this.fileItemFactory = fileItemFactory;
+ }
+
+
+ // ----------------------------------------------------- Property accessors
+
+
+ /**
+ * Returns the factory class used when creating file items.
+ *
+ * @return The factory class for new file items.
+ */
+ public FileItemFactory getFileItemFactory()
+ {
+ return fileItemFactory;
+ }
+
+
+ /**
+ * Sets the factory class to use when creating file items. The factory must
+ * be an instance of DefaultFileItemFactory or a subclass
+ * thereof, or else a ClassCastException will be thrown.
+ *
+ * @param factory The factory class for new file items.
+ */
+ public void setFileItemFactory(FileItemFactory factory)
+ {
+ this.fileItemFactory = (DefaultFileItemFactory) factory;
+ }
+
+
+ /**
+ * Returns the size threshold beyond which files are written directly to
+ * disk.
+ *
+ * @return The size threshold, in bytes.
+ *
+ * @see #setSizeThreshold(int)
+ */
+ public int getSizeThreshold()
+ {
+ return fileItemFactory.getSizeThreshold();
+ }
+
+
+ /**
+ * Sets the size threshold beyond which files are written directly to disk.
+ *
+ * @param sizeThreshold The size threshold, in bytes.
+ *
+ * @see #getSizeThreshold()
+ */
+ public void setSizeThreshold(int sizeThreshold)
+ {
+ fileItemFactory.setSizeThreshold(sizeThreshold);
+ }
+
+
+ /**
+ * Returns the location used to temporarily store files that are larger
+ * than the configured size threshold.
+ *
+ * @return The path to the temporary file location.
+ *
+ * @see #setRepositoryPath(String)
+ */
+ public String getRepositoryPath()
+ {
+ return fileItemFactory.getRepository().getPath();
+ }
+
+
+ /**
+ * Sets the location used to temporarily store files that are larger
+ * than the configured size threshold.
+ *
+ * @param repositoryPath The path to the temporary file location.
+ *
+ * @see #getRepositoryPath()
+ */
+ public void setRepositoryPath(String repositoryPath)
+ {
+ fileItemFactory.setRepository(new File(repositoryPath));
+ }
+
+
+ // --------------------------------------------------------- Public methods
+
+
+ /**
+ * Processes an RFC 1867
+ * compliant multipart/form-data stream. If files are stored
+ * on disk, the path is given by getRepository().
+ *
+ * @param req The servlet request to be parsed. Must be non-null.
+ * @param sizeThreshold The max size in bytes to be stored in memory.
+ * @param sizeMax The maximum allowed upload size, in bytes.
+ * @param path The location where the files should be stored.
+ *
+ * @return A list of FileItem instances parsed from the
+ * request, in the order that they were transmitted.
+ *
+ * @exception FileUploadException if there are problems reading/parsing
+ * the request or storing files.
+ */
+ public List /* FileItem */ parseRequest(HttpServletRequest req,
+ int sizeThreshold,
+ long sizeMax, String path)
+ throws FileUploadException
+ {
+ setSizeThreshold(sizeThreshold);
+ setSizeMax(sizeMax);
+ setRepositoryPath(path);
+ return parseRequest(req);
+ }
+
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileItem.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileItem.java
new file mode 100644
index 00000000..5a4133dc
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileItem.java
@@ -0,0 +1,275 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/FileItem.java,v 1.15 2003/06/01 17:33:24 martinc Exp $
+ * $Revision: 1.15 $
+ * $Date: 2003/06/01 17:33:24 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * This class represents a file or form item that was received within a
+ * multipart/form-data POST request.
+ *
+ *
After retrieving an instance of this class from a {@link + * org.apache.commons.fileupload.FileUpload FileUpload} instance (see + * {@link org.apache.commons.fileupload.FileUpload + * #parseRequest(javax.servlet.http.HttpServletRequest)}), you may + * either request all contents of the file at once using {@link #get()} or + * request an {@link java.io.InputStream InputStream} with + * {@link #getInputStream()} and process the file without attempting to load + * it into memory, which may come handy with large files. + * + *
While this interface does not extend
+ * javax.activation.DataSource per se (to avoid a seldom used
+ * dependency), several of the defined methods are specifically defined with
+ * the same signatures as methods in that interface. This allows an
+ * implementation of this interface to also implement
+ * javax.activation.DataSource with minimal additional work.
+ *
+ * @author Rafal Krzewski
+ * @author Sean Legassick
+ * @author Jason van Zyl
+ * @author Martin Cooper
+ *
+ * @version $Id: FileItem.java,v 1.15 2003/06/01 17:33:24 martinc Exp $
+ */
+public interface FileItem
+ extends Serializable
+{
+
+
+ // ------------------------------- Methods from javax.activation.DataSource
+
+
+ /**
+ * Returns an {@link java.io.InputStream InputStream} that can be
+ * used to retrieve the contents of the file.
+ *
+ * @return An {@link java.io.InputStream InputStream} that can be
+ * used to retrieve the contents of the file.
+ *
+ * @exception IOException if an error occurs.
+ */
+ InputStream getInputStream()
+ throws IOException;
+
+
+ /**
+ * Returns the content type passed by the browser or null if
+ * not defined.
+ *
+ * @return The content type passed by the browser or null if
+ * not defined.
+ */
+ String getContentType();
+
+
+ /**
+ * Returns the original filename in the client's filesystem, as provided by
+ * the browser (or other client software). In most cases, this will be the
+ * base file name, without path information. However, some clients, such as
+ * the Opera browser, do include path information.
+ *
+ * @return The original filename in the client's filesystem.
+ */
+ String getName();
+
+
+ // ------------------------------------------------------- FileItem methods
+
+
+ /**
+ * Provides a hint as to whether or not the file contents will be read
+ * from memory.
+ *
+ * @return true if the file contents will be read from memory;
+ * false otherwise.
+ */
+ boolean isInMemory();
+
+
+ /**
+ * Returns the size of the file item.
+ *
+ * @return The size of the file item, in bytes.
+ */
+ long getSize();
+
+
+ /**
+ * Returns the contents of the file item as an array of bytes.
+ *
+ * @return The contents of the file item as an array of bytes.
+ */
+ byte[] get();
+
+
+ /**
+ * Returns the contents of the file item as a String, using the specified
+ * encoding. This method uses {@link #get()} to retrieve the
+ * contents of the item.
+ *
+ * @param encoding The character encoding to use.
+ *
+ * @return The contents of the item, as a string.
+ *
+ * @exception UnsupportedEncodingException if the requested character
+ * encoding is not available.
+ */
+ String getString(String encoding)
+ throws UnsupportedEncodingException;
+
+
+ /**
+ * Returns the contents of the file item as a String, using the default
+ * character encoding. This method uses {@link #get()} to retrieve the
+ * contents of the item.
+ *
+ * @return The contents of the item, as a string.
+ */
+ String getString();
+
+
+ /**
+ * A convenience method to write an uploaded item to disk. The client code
+ * is not concerned with whether or not the item is stored in memory, or on
+ * disk in a temporary location. They just want to write the uploaded item
+ * to a file.
+ *
+ * This method is not guaranteed to succeed if called more than once for
+ * the same item. This allows a particular implementation to use, for
+ * example, file renaming, where possible, rather than copying all of the
+ * underlying data, thus gaining a significant performance benefit.
+ *
+ * @param file The File into which the uploaded item should
+ * be stored.
+ *
+ * @exception Exception if an error occurs.
+ */
+ void write(File file) throws Exception;
+
+
+ /**
+ * Deletes the underlying storage for a file item, including deleting any
+ * associated temporary disk file. Although this storage will be deleted
+ * automatically when the FileItem instance is garbage
+ * collected, this method can be used to ensure that this is done at an
+ * earlier time, thus preserving system resources.
+ */
+ void delete();
+
+
+ /**
+ * Returns the name of the field in the multipart form corresponding to
+ * this file item.
+ *
+ * @return The name of the form field.
+ */
+ String getFieldName();
+
+
+ /**
+ * Sets the field name used to reference this file item.
+ *
+ * @param name The name of the form field.
+ */
+ void setFieldName(String name);
+
+
+ /**
+ * Determines whether or not a FileItem instance represents
+ * a simple form field.
+ *
+ * @return true if the instance represents a simple form
+ * field; false if it represents an uploaded file.
+ */
+ boolean isFormField();
+
+
+ /**
+ * Specifies whether or not a FileItem instance represents
+ * a simple form field.
+ *
+ * @param state true if the instance represents a simple form
+ * field; false if it represents an uploaded file.
+ */
+ void setFormField(boolean state);
+
+
+ /**
+ * Returns an {@link java.io.OutputStream OutputStream} that can
+ * be used for storing the contents of the file.
+ *
+ * @return An {@link java.io.OutputStream OutputStream} that can be used
+ * for storing the contensts of the file.
+ *
+ * @exception IOException if an error occurs.
+ */
+ OutputStream getOutputStream() throws IOException;
+
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileItemFactory.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileItemFactory.java
new file mode 100644
index 00000000..5f7cac69
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileItemFactory.java
@@ -0,0 +1,97 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/FileItemFactory.java,v 1.1 2003/04/27 17:30:06 martinc Exp $
+ * $Revision: 1.1 $
+ * $Date: 2003/04/27 17:30:06 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ *
A factory interface for creating {@link FileItem} instances. Factories + * can provide their own custom configuration, over and above that provided + * by the default file upload implementation.
+ * + * @author Martin Cooper + * + * @version $Id: FileItemFactory.java,v 1.1 2003/04/27 17:30:06 martinc Exp $ + */ +public interface FileItemFactory +{ + + /** + * Create a new {@link FileItem} instance from the supplied parameters and + * any local factory configuration. + * + * @param fieldName The name of the form field. + * @param contentType The content type of the form field. + * @param isFormFieldtrue if this is a plain form field;
+ * false otherwise.
+ * @param fileName The name of the uploaded file, if any, as supplied
+ * by the browser or other client.
+ *
+ * @return The newly created file item.
+ */
+ FileItem createItem(
+ String fieldName,
+ String contentType,
+ boolean isFormField,
+ String fileName
+ );
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUpload.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUpload.java
new file mode 100644
index 00000000..be5e8af5
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUpload.java
@@ -0,0 +1,155 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/FileUpload.java,v 1.23 2003/06/24 05:45:43 martinc Exp $
+ * $Revision: 1.23 $
+ * $Date: 2003/06/24 05:45:43 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * High level API for processing file uploads.
+ * + *This class handles multiple files per single HTML widget, sent using
+ * multipart/mixed encoding type, as specified by
+ * RFC 1867. Use {@link
+ * #parseRequest(HttpServletRequest)} to acquire a list of {@link
+ * org.apache.commons.fileupload.FileItem}s associated with a given HTML
+ * widget.
How the data for individual parts is stored is determined by the factory + * used to create them; a given part may be in memory, on disk, or somewhere + * else.
+ * + * @author Rafal Krzewski + * @author Daniel Rall + * @author Jason van Zyl + * @author John McNally + * @author Martin Cooper + * @author Sean C. Sullivan + * + * @version $Id: FileUpload.java,v 1.23 2003/06/24 05:45:43 martinc Exp $ + */ +public class FileUpload + extends FileUploadBase + { + + // ----------------------------------------------------------- Data members + + + /** + * The factory to use to create new form items. + */ + private FileItemFactory fileItemFactory; + + + // ----------------------------------------------------------- Constructors + + + /** + * Constructs an instance of this class which uses the default factory to + * createFileItem instances.
+ *
+ * @see #FileUpload(FileItemFactory)
+ */
+ public FileUpload()
+ {
+ super();
+ }
+
+
+ /**
+ * Constructs an instance of this class which uses the supplied factory to
+ * create FileItem instances.
+ *
+ * @see #FileUpload()
+ */
+ public FileUpload(FileItemFactory fileItemFactory)
+ {
+ super();
+ this.fileItemFactory = fileItemFactory;
+ }
+
+
+ // ----------------------------------------------------- Property accessors
+
+
+ /**
+ * Returns the factory class used when creating file items.
+ *
+ * @return The factory class for new file items.
+ */
+ public FileItemFactory getFileItemFactory()
+ {
+ return fileItemFactory;
+ }
+
+
+ /**
+ * Sets the factory class to use when creating file items.
+ *
+ * @param factory The factory class for new file items.
+ */
+ public void setFileItemFactory(FileItemFactory factory)
+ {
+ this.fileItemFactory = factory;
+ }
+
+
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUploadBase.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUploadBase.java
new file mode 100644
index 00000000..bc55d509
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUploadBase.java
@@ -0,0 +1,685 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/FileUploadBase.java,v 1.3 2003/06/01 00:18:13 martinc Exp $
+ * $Revision: 1.3 $
+ * $Date: 2003/06/01 00:18:13 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * High level API for processing file uploads.
+ * + *This class handles multiple files per single HTML widget, sent using
+ * multipart/mixed encoding type, as specified by
+ * RFC 1867. Use {@link
+ * #parseRequest(HttpServletRequest)} to acquire a list of {@link
+ * org.apache.commons.fileupload.FileItem}s associated with a given HTML
+ * widget.
How the data for individual parts is stored is determined by the factory + * used to create them; a given part may be in memory, on disk, or somewhere + * else.
+ * + * @author Rafal Krzewski + * @author Daniel Rall + * @author Jason van Zyl + * @author John McNally + * @author Martin Cooper + * @author Sean C. Sullivan + * + * @version $Id: FileUploadBase.java,v 1.3 2003/06/01 00:18:13 martinc Exp $ + */ +public abstract class FileUploadBase +{ + + // ---------------------------------------------------------- Class methods + + + /** + * Utility method that determines whether the request contains multipart + * content. + * + * @param req The servlet request to be evaluated. Must be non-null. + * + * @returntrue if the request is multipart;
+ * false otherwise.
+ */
+ public static final boolean isMultipartContent(HttpServletRequest req)
+ {
+ String contentType = req.getHeader(CONTENT_TYPE);
+ if (contentType == null)
+ {
+ return false;
+ }
+ if (contentType.startsWith(MULTIPART))
+ {
+ return true;
+ }
+ return false;
+ }
+
+
+ // ----------------------------------------------------- Manifest constants
+
+
+ /**
+ * HTTP content type header name.
+ */
+ public static final String CONTENT_TYPE = "Content-type";
+
+
+ /**
+ * HTTP content disposition header name.
+ */
+ public static final String CONTENT_DISPOSITION = "Content-disposition";
+
+
+ /**
+ * Content-disposition value for form data.
+ */
+ public static final String FORM_DATA = "form-data";
+
+
+ /**
+ * Content-disposition value for file attachment.
+ */
+ public static final String ATTACHMENT = "attachment";
+
+
+ /**
+ * Part of HTTP content type header.
+ */
+ public static final String MULTIPART = "multipart/";
+
+
+ /**
+ * HTTP content type header for multipart forms.
+ */
+ public static final String MULTIPART_FORM_DATA = "multipart/form-data";
+
+
+ /**
+ * HTTP content type header for multiple uploads.
+ */
+ public static final String MULTIPART_MIXED = "multipart/mixed";
+
+
+ /**
+ * The maximum length of a single header line that will be parsed
+ * (1024 bytes).
+ */
+ public static final int MAX_HEADER_SIZE = 1024;
+
+
+ // ----------------------------------------------------------- Data members
+
+
+ /**
+ * The maximum size permitted for an uploaded file. A value of -1 indicates
+ * no maximum.
+ */
+ private long sizeMax = -1;
+
+
+ /**
+ * The content encoding to use when reading part headers.
+ */
+ private String headerEncoding;
+
+
+ // ----------------------------------------------------- Property accessors
+
+
+ /**
+ * Returns the factory class used when creating file items.
+ *
+ * @return The factory class for new file items.
+ */
+ public abstract FileItemFactory getFileItemFactory();
+
+
+ /**
+ * Sets the factory class to use when creating file items.
+ *
+ * @param factory The factory class for new file items.
+ */
+ public abstract void setFileItemFactory(FileItemFactory factory);
+
+
+ /**
+ * Returns the maximum allowed upload size.
+ *
+ * @return The maximum allowed size, in bytes.
+ *
+ * @see #setSizeMax(long)
+ *
+ */
+ public long getSizeMax()
+ {
+ return sizeMax;
+ }
+
+
+ /**
+ * Sets the maximum allowed upload size. If negative, there is no maximum.
+ *
+ * @param sizeMax The maximum allowed size, in bytes, or -1 for no maximum.
+ *
+ * @see #getSizeMax()
+ *
+ */
+ public void setSizeMax(long sizeMax)
+ {
+ this.sizeMax = sizeMax;
+ }
+
+
+ /**
+ * Retrieves the character encoding used when reading the headers of an
+ * individual part. When not specified, or null, the platform
+ * default encoding is used.
+ *
+ * @return The encoding used to read part headers.
+ */
+ public String getHeaderEncoding()
+ {
+ return headerEncoding;
+ }
+
+
+ /**
+ * Specifies the character encoding to be used when reading the headers of
+ * individual parts. When not specified, or null, the platform
+ * default encoding is used.
+ *
+ * @param encoding The encoding used to read part headers.
+ */
+ public void setHeaderEncoding(String encoding)
+ {
+ headerEncoding = encoding;
+ }
+
+
+ // --------------------------------------------------------- Public methods
+
+
+ /**
+ * Processes an RFC 1867
+ * compliant multipart/form-data stream. If files are stored
+ * on disk, the path is given by getRepository().
+ *
+ * @param req The servlet request to be parsed.
+ *
+ * @return A list of FileItem instances parsed from the
+ * request, in the order that they were transmitted.
+ *
+ * @exception FileUploadException if there are problems reading/parsing
+ * the request or storing files.
+ */
+ public List /* FileItem */ parseRequest(HttpServletRequest req)
+ throws FileUploadException
+ {
+ if (null == req)
+ {
+ throw new NullPointerException("req parameter");
+ }
+
+ ArrayList items = new ArrayList();
+ String contentType = req.getHeader(CONTENT_TYPE);
+
+ if ((null == contentType) || (!contentType.startsWith(MULTIPART)))
+ {
+ throw new InvalidContentTypeException(
+ "the request doesn't contain a "
+ + MULTIPART_FORM_DATA
+ + " or "
+ + MULTIPART_MIXED
+ + " stream, content type header is "
+ + contentType);
+ }
+ int requestSize = req.getContentLength();
+
+ if (requestSize == -1)
+ {
+ throw new UnknownSizeException(
+ "the request was rejected because it's size is unknown");
+ }
+
+ if (sizeMax >= 0 && requestSize > sizeMax)
+ {
+ throw new SizeLimitExceededException(
+ "the request was rejected because "
+ + "it's size exceeds allowed range");
+ }
+
+ try
+ {
+ int boundaryIndex = contentType.indexOf("boundary=");
+ if (boundaryIndex < 0)
+ {
+ throw new FileUploadException(
+ "the request was rejected because "
+ + "no multipart boundary was found");
+ }
+ byte[] boundary = contentType.substring(
+ boundaryIndex + 9).getBytes();
+
+ InputStream input = req.getInputStream();
+
+ MultipartStream multi = new MultipartStream(input, boundary);
+ multi.setHeaderEncoding(headerEncoding);
+
+ boolean nextPart = multi.skipPreamble();
+ while (nextPart)
+ {
+ Map headers = parseHeaders(multi.readHeaders());
+ String fieldName = getFieldName(headers);
+ if (fieldName != null)
+ {
+ String subContentType = getHeader(headers, CONTENT_TYPE);
+ if (subContentType != null && subContentType
+ .startsWith(MULTIPART_MIXED))
+ {
+ // Multiple files.
+ byte[] subBoundary =
+ subContentType.substring(
+ subContentType
+ .indexOf("boundary=") + 9).getBytes();
+ multi.setBoundary(subBoundary);
+ boolean nextSubPart = multi.skipPreamble();
+ while (nextSubPart)
+ {
+ headers = parseHeaders(multi.readHeaders());
+ if (getFileName(headers) != null)
+ {
+ FileItem item =
+ createItem(headers, false);
+ OutputStream os = item.getOutputStream();
+ try
+ {
+ multi.readBodyData(os);
+ }
+ finally
+ {
+ os.close();
+ }
+ items.add(item);
+ }
+ else
+ {
+ // Ignore anything but files inside
+ // multipart/mixed.
+ multi.discardBodyData();
+ }
+ nextSubPart = multi.readBoundary();
+ }
+ multi.setBoundary(boundary);
+ }
+ else
+ {
+ if (getFileName(headers) != null)
+ {
+ // A single file.
+ FileItem item = createItem(headers, false);
+ OutputStream os = item.getOutputStream();
+ try
+ {
+ multi.readBodyData(os);
+ }
+ finally
+ {
+ os.close();
+ }
+ items.add(item);
+ }
+ else
+ {
+ // A form field.
+ FileItem item = createItem(headers, true);
+ OutputStream os = item.getOutputStream();
+ try
+ {
+ multi.readBodyData(os);
+ }
+ finally
+ {
+ os.close();
+ }
+ items.add(item);
+ }
+ }
+ }
+ else
+ {
+ // Skip this part.
+ multi.discardBodyData();
+ }
+ nextPart = multi.readBoundary();
+ }
+ }
+ catch (IOException e)
+ {
+ throw new FileUploadException(
+ "Processing of " + MULTIPART_FORM_DATA
+ + " request failed. " + e.getMessage());
+ }
+
+ return items;
+ }
+
+
+ // ------------------------------------------------------ Protected methods
+
+
+ /**
+ * Retrieves the file name from the Content-disposition
+ * header.
+ *
+ * @param headers A Map containing the HTTP request headers.
+ *
+ * @return The file name for the current encapsulation.
+ */
+ protected String getFileName(Map /* String, String */ headers)
+ {
+ String fileName = null;
+ String cd = getHeader(headers, CONTENT_DISPOSITION);
+ if (cd.startsWith(FORM_DATA) || cd.startsWith(ATTACHMENT))
+ {
+ int start = cd.indexOf("filename=\"");
+ int end = cd.indexOf('"', start + 10);
+ if (start != -1 && end != -1)
+ {
+ fileName = cd.substring(start + 10, end).trim();
+ }
+ }
+ return fileName;
+ }
+
+
+ /**
+ * Retrieves the field name from the Content-disposition
+ * header.
+ *
+ * @param headers A Map containing the HTTP request headers.
+ *
+ * @return The field name for the current encapsulation.
+ */
+ protected String getFieldName(Map /* String, String */ headers)
+ {
+ String fieldName = null;
+ String cd = getHeader(headers, CONTENT_DISPOSITION);
+ if (cd != null && cd.startsWith(FORM_DATA))
+ {
+ int start = cd.indexOf("name=\"");
+ int end = cd.indexOf('"', start + 6);
+ if (start != -1 && end != -1)
+ {
+ fieldName = cd.substring(start + 6, end);
+ }
+ }
+ return fieldName;
+ }
+
+
+ /**
+ * Creates a new {@link FileItem} instance.
+ *
+ * @param headers A Map containing the HTTP request
+ * headers.
+ * @param isFormField Whether or not this item is a form field, as
+ * opposed to a file.
+ *
+ * @return A newly created FileItem instance.
+ *
+ * @exception FileUploadException if an error occurs.
+ */
+ protected FileItem createItem(Map /* String, String */ headers,
+ boolean isFormField)
+ throws FileUploadException
+ {
+ return getFileItemFactory().createItem(getFieldName(headers),
+ getHeader(headers, CONTENT_TYPE),
+ isFormField,
+ getFileName(headers));
+ }
+
+
+ /**
+ * Parses the header-part and returns as key/value
+ * pairs.
+ *
+ *
If there are multiple headers of the same names, the name
+ * will map to a comma-separated list containing the values.
+ *
+ * @param headerPart The header-part of the current
+ * encapsulation.
+ *
+ * @return A Map containing the parsed HTTP request headers.
+ */
+ protected Map /* String, String */ parseHeaders(String headerPart)
+ {
+ Map headers = new HashMap();
+ char buffer[] = new char[MAX_HEADER_SIZE];
+ boolean done = false;
+ int j = 0;
+ int i;
+ String header, headerName, headerValue;
+ try
+ {
+ while (!done)
+ {
+ i = 0;
+ // Copy a single line of characters into the buffer,
+ // omitting trailing CRLF.
+ while (i < 2 || buffer[i - 2] != '\r' || buffer[i - 1] != '\n')
+ {
+ buffer[i++] = headerPart.charAt(j++);
+ }
+ header = new String(buffer, 0, i - 2);
+ if (header.equals(""))
+ {
+ done = true;
+ }
+ else
+ {
+ if (header.indexOf(':') == -1)
+ {
+ // This header line is malformed, skip it.
+ continue;
+ }
+ headerName = header.substring(0, header.indexOf(':'))
+ .trim().toLowerCase();
+ headerValue =
+ header.substring(header.indexOf(':') + 1).trim();
+ if (getHeader(headers, headerName) != null)
+ {
+ // More that one heder of that name exists,
+ // append to the list.
+ headers.put(headerName,
+ getHeader(headers, headerName) + ','
+ + headerValue);
+ }
+ else
+ {
+ headers.put(headerName, headerValue);
+ }
+ }
+ }
+ }
+ catch (IndexOutOfBoundsException e)
+ {
+ // Headers were malformed. continue with all that was
+ // parsed.
+ }
+ return headers;
+ }
+
+
+ /**
+ * Returns the header with the specified name from the supplied map. The
+ * header lookup is case-insensitive.
+ *
+ * @param headers A Map containing the HTTP request headers.
+ * @param name The name of the header to return.
+ *
+ * @return The value of specified header, or a comma-separated list if
+ * there were multiple headers of that name.
+ */
+ protected final String getHeader(Map /* String, String */ headers,
+ String name)
+ {
+ return (String) headers.get(name.toLowerCase());
+ }
+
+
+ /**
+ * Thrown to indicate that the request is not a multipart request.
+ */
+ public static class InvalidContentTypeException
+ extends FileUploadException
+ {
+ /**
+ * Constructs a InvalidContentTypeException with no
+ * detail message.
+ */
+ public InvalidContentTypeException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs an InvalidContentTypeException with
+ * the specified detail message.
+ *
+ * @param message The detail message.
+ */
+ public InvalidContentTypeException(String message)
+ {
+ super(message);
+ }
+ }
+
+
+ /**
+ * Thrown to indicate that the request size is not specified.
+ */
+ public static class UnknownSizeException
+ extends FileUploadException
+ {
+ /**
+ * Constructs a UnknownSizeException with no
+ * detail message.
+ */
+ public UnknownSizeException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs an UnknownSizeException with
+ * the specified detail message.
+ *
+ * @param message The detail message.
+ */
+ public UnknownSizeException(String message)
+ {
+ super(message);
+ }
+ }
+
+
+ /**
+ * Thrown to indicate that the request size exceeds the configured maximum.
+ */
+ public static class SizeLimitExceededException
+ extends FileUploadException
+ {
+ /**
+ * Constructs a SizeExceededException with no
+ * detail message.
+ */
+ public SizeLimitExceededException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs an SizeExceededException with
+ * the specified detail message.
+ *
+ * @param message The detail message.
+ */
+ public SizeLimitExceededException(String message)
+ {
+ super(message);
+ }
+ }
+
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUploadException.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUploadException.java
new file mode 100644
index 00000000..04475f26
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/FileUploadException.java
@@ -0,0 +1,93 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/FileUploadException.java,v 1.7 2003/04/27 17:30:06 martinc Exp $
+ * $Revision: 1.7 $
+ * $Date: 2003/04/27 17:30:06 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * FileUploadException without message.
+ */
+ public FileUploadException()
+ {
+ }
+
+ /**
+ * Constructs a new FileUploadException with specified detail
+ * message.
+ *
+ * @param msg the error message.
+ */
+ public FileUploadException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/MultipartStream.java b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/MultipartStream.java
new file mode 100644
index 00000000..62aa16b5
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/MultipartStream.java
@@ -0,0 +1,936 @@
+/*
+ * $Header: /home/cvs/jakarta-commons/fileupload/src/java/org/apache/commons/fileupload/MultipartStream.java,v 1.12 2003/06/01 00:18:13 martinc Exp $
+ * $Revision: 1.12 $
+ * $Date: 2003/06/01 00:18:13 $
+ *
+ * ====================================================================
+ *
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution, if
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowlegement may appear in the software itself,
+ * if and wherever such third-party acknowlegements normally appear.
+ *
+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software
+ * Foundation" must not be used to endorse or promote products derived
+ * from this software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ * nor may "Apache" appear in their names without prior written
+ * permission of the Apache Group.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ *
Low level API for processing file uploads. + * + *
This class can be used to process data streams conforming to MIME + * 'multipart' format as defined in + * RFC 1867. Arbitrarily + * large amounts of data in the stream can be processed under constant + * memory usage. + * + *
The format of the stream is defined in the following way:
+ *
+ *
+ * multipart-body := preamble 1*encapsulation close-delimiter epilogue
+ *
+ *
+ * encapsulation := delimiter body CRLF
+ * delimiter := "--" boundary CRLF
+ * close-delimiter := "--" boudary "--"
+ * preamble := <ignore>
+ * epilogue := <ignore>
+ * body := header-part CRLF body-part
+ * header-part := 1*header CRLF
+ * header := header-name ":" header-value
+ * header-name := <printable ascii characters except ":">
+ * header-value := <any ascii characters except CR & LF>
+ * body-data := <arbitrary data>
+ *
Note that body-data can contain another mulipart entity. There + * is limited support for single pass processing of such nested + * streams. The nested stream is required to have a + * boundary token of the same length as the parent stream (see {@link + * #setBoundary(byte[])}). + * + *
Here is an exaple of usage of this class.
+ *
+ *
+ * try {
+ * MultipartStream multipartStream = new MultipartStream(input,
+ * boundary);
+ * boolean nextPart = malitPartStream.skipPreamble();
+ * OutputStream output;
+ * while(nextPart) {
+ * header = chunks.readHeader();
+ * // process headers
+ * // create some output stream
+ * multipartStream.readBodyPart(output);
+ * nextPart = multipartStream.readBoundary();
+ * }
+ * } catch(MultipartStream.MalformedStreamException e) {
+ * // the stream failed to follow required syntax
+ * } catch(IOException) {
+ * // a read or write error occurred
+ * }
+ *
+ *
+ *
+ * @author Rafal Krzewski
+ * @author Martin Cooper
+ * @author Sean C. Sullivan
+ *
+ * @version $Id: MultipartStream.java,v 1.12 2003/06/01 00:18:13 martinc Exp $
+ */
+public class MultipartStream
+{
+
+ // ----------------------------------------------------- Manifest constants
+
+
+ /**
+ * The maximum length of header-part that will be
+ * processed (10 kilobytes = 10240 bytes.).
+ */
+ public static final int HEADER_PART_SIZE_MAX = 10240;
+
+
+ /**
+ * The default length of the buffer used for processing a request.
+ */
+ protected static final int DEFAULT_BUFSIZE = 4096;
+
+
+ /**
+ * A byte sequence that marks the end of header-part
+ * (CRLFCRLF).
+ */
+ protected static final byte[] HEADER_SEPARATOR = {0x0D, 0x0A, 0x0D, 0x0A};
+
+
+ /**
+ * A byte sequence that that follows a delimiter that will be
+ * followed by an encapsulation (CRLF).
+ */
+ protected static final byte[] FIELD_SEPARATOR = { 0x0D, 0x0A };
+
+
+ /**
+ * A byte sequence that that follows a delimiter of the last
+ * encapsulation in the stream (--).
+ */
+ protected static final byte[] STREAM_TERMINATOR = { 0x2D, 0x2D };
+
+
+ // ----------------------------------------------------------- Data members
+
+
+ /**
+ * The input stream from which data is read.
+ */
+ private InputStream input;
+
+
+ /**
+ * The length of the boundary token plus the leading CRLF--.
+ */
+ private int boundaryLength;
+
+
+ /**
+ * The amount of data, in bytes, that must be kept in the buffer in order
+ * to detect delimiters reliably.
+ */
+ private int keepRegion;
+
+
+ /**
+ * The byte sequence that partitions the stream.
+ */
+ private byte[] boundary;
+
+
+ /**
+ * The length of the buffer used for processing the request.
+ */
+ private int bufSize;
+
+
+ /**
+ * The buffer used for processing the request.
+ */
+ private byte[] buffer;
+
+
+ /**
+ * The index of first valid character in the buffer.
+ * Constructs a MultipartStream with a custom size buffer.
+ *
+ *
Note that the buffer must be at least big enough to contain the
+ * boundary string, plus 4 characters for CR/LF and double dash, plus at
+ * least one byte of data. Too small a buffer size setting will degrade
+ * performance.
+ *
+ * @param input The InputStream to serve as a data source.
+ * @param boundary The token used for dividing the stream into
+ * encapsulations.
+ * @param bufSize The size of the buffer to be used, in bytes.
+ *
+ *
+ * @see #MultipartStream()
+ * @see #MultipartStream(InputStream, byte[])
+ *
+ */
+ public MultipartStream(InputStream input,
+ byte[] boundary,
+ int bufSize)
+ {
+ this.input = input;
+ this.bufSize = bufSize;
+ this.buffer = new byte[bufSize];
+
+ // We prepend CR/LF to the boundary to chop trailng CR/LF from
+ // body-data tokens.
+ this.boundary = new byte[boundary.length + 4];
+ this.boundaryLength = boundary.length + 4;
+ this.keepRegion = boundary.length + 3;
+ this.boundary[0] = 0x0D;
+ this.boundary[1] = 0x0A;
+ this.boundary[2] = 0x2D;
+ this.boundary[3] = 0x2D;
+ System.arraycopy(boundary, 0, this.boundary, 4, boundary.length);
+
+ head = 0;
+ tail = 0;
+ }
+
+
+ /**
+ *
Constructs a MultipartStream with a default size buffer.
+ *
+ * @param input The InputStream to serve as a data source.
+ * @param boundary The token used for dividing the stream into
+ * encapsulations.
+ *
+ * @exception IOException when an error occurs.
+ *
+ * @see #MultipartStream()
+ * @see #MultipartStream(InputStream, byte[], int)
+ *
+ */
+ public MultipartStream(InputStream input,
+ byte[] boundary)
+ throws IOException
+ {
+ this(input, boundary, DEFAULT_BUFSIZE);
+ }
+
+
+ // --------------------------------------------------------- Public methods
+
+
+ /**
+ * Retrieves the character encoding used when reading the headers of an
+ * individual part. When not specified, or null, the platform
+ * default encoding is used.
+
+ *
+ * @return The encoding used to read part headers.
+ */
+ public String getHeaderEncoding()
+ {
+ return headerEncoding;
+ }
+
+
+ /**
+ * Specifies the character encoding to be used when reading the headers of
+ * individual parts. When not specified, or null, the platform
+ * default encoding is used.
+ *
+ * @param encoding The encoding used to read part headers.
+ */
+ public void setHeaderEncoding(String encoding)
+ {
+ headerEncoding = encoding;
+ }
+
+
+ /**
+ * Reads a byte from the buffer, and refills it as
+ * necessary.
+ *
+ * @return The next byte from the input stream.
+ *
+ * @exception IOException if there is no more data available.
+ */
+ public byte readByte()
+ throws IOException
+ {
+ // Buffer depleted ?
+ if (head == tail)
+ {
+ head = 0;
+ // Refill.
+ tail = input.read(buffer, head, bufSize);
+ if (tail == -1)
+ {
+ // No more data available.
+ throw new IOException("No more data is available");
+ }
+ }
+ return buffer[head++];
+ }
+
+
+ /**
+ * Skips a boundary token, and checks whether more
+ * encapsulations are contained in the stream.
+ *
+ * @return true if there are more encapsulations in
+ * this stream; false otherwise.
+ *
+ * @exception MalformedStreamException if the stream ends unexpecetedly or
+ * fails to follow required syntax.
+ */
+ public boolean readBoundary()
+ throws MalformedStreamException
+ {
+ byte[] marker = new byte[2];
+ boolean nextChunk = false;
+
+ head += boundaryLength;
+ try
+ {
+ marker[0] = readByte();
+ marker[1] = readByte();
+ if (arrayequals(marker, STREAM_TERMINATOR, 2))
+ {
+ nextChunk = false;
+ }
+ else if (arrayequals(marker, FIELD_SEPARATOR, 2))
+ {
+ nextChunk = true;
+ }
+ else
+ {
+ throw new MalformedStreamException(
+ "Unexpected characters follow a boundary");
+ }
+ }
+ catch (IOException e)
+ {
+ throw new MalformedStreamException("Stream ended unexpectedly");
+ }
+ return nextChunk;
+ }
+
+
+ /**
+ *
Changes the boundary token used for partitioning the stream. + * + *
This method allows single pass processing of nested multipart + * streams. + * + *
The boundary token of the nested stream is required
+ * to be of the same length as the boundary token in parent stream.
+ *
+ *
Restoring the parent stream boundary token after processing of a
+ * nested stream is left to the application.
+ *
+ * @param boundary The boundary to be used for parsing of the nested
+ * stream.
+ *
+ * @exception IllegalBoundaryException if the boundary
+ * has a different length than the one
+ * being currently parsed.
+ */
+ public void setBoundary(byte[] boundary)
+ throws IllegalBoundaryException
+ {
+ if (boundary.length != boundaryLength - 4)
+ {
+ throw new IllegalBoundaryException(
+ "The length of a boundary token can not be changed");
+ }
+ System.arraycopy(boundary, 0, this.boundary, 4, boundary.length);
+ }
+
+
+ /**
+ *
Reads the header-part of the current
+ * encapsulation.
+ *
+ *
Headers are returned verbatim to the input stream, including the
+ * trailing CRLF marker. Parsing is left to the
+ * application.
+ *
+ *
TODO allow limiting maximum header size to
+ * protect against abuse.
+ *
+ * @return The header-part of the current encapsulation.
+ *
+ * @exception MalformedStreamException if the stream ends unexpecetedly.
+ */
+ public String readHeaders()
+ throws MalformedStreamException
+ {
+ int i = 0;
+ byte b[] = new byte[1];
+ // to support multi-byte characters
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ int sizeMax = HEADER_PART_SIZE_MAX;
+ int size = 0;
+ while (i < 4)
+ {
+ try
+ {
+ b[0] = readByte();
+ }
+ catch (IOException e)
+ {
+ throw new MalformedStreamException("Stream ended unexpectedly");
+ }
+ size++;
+ if (b[0] == HEADER_SEPARATOR[i])
+ {
+ i++;
+ }
+ else
+ {
+ i = 0;
+ }
+ if (size <= sizeMax)
+ {
+ baos.write(b[0]);
+ }
+ }
+
+ String headers = null;
+ if (headerEncoding != null)
+ {
+ try
+ {
+ headers = baos.toString(headerEncoding);
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ // Fall back to platform default if specified encoding is not
+ // supported.
+ headers = baos.toString();
+ }
+ }
+ else
+ {
+ headers = baos.toString();
+ }
+
+ return headers;
+ }
+
+
+ /**
+ *
Reads body-data from the current
+ * encapsulation and writes its contents into the
+ * output Stream.
+ *
+ *
Arbitrary large amounts of data can be processed by this
+ * method using a constant size buffer. (see {@link
+ * #MultipartStream(InputStream,byte[],int) constructor}).
+ *
+ * @param output The Stream to write data into.
+ *
+ * @return the amount of data written.
+ *
+ * @exception MalformedStreamException if the stream ends unexpectedly.
+ * @exception IOException if an i/o error occurs.
+ */
+ public int readBodyData(OutputStream output)
+ throws MalformedStreamException,
+ IOException
+ {
+ boolean done = false;
+ int pad;
+ int pos;
+ int bytesRead;
+ int total = 0;
+ while (!done)
+ {
+ // Is boundary token present somewere in the buffer?
+ pos = findSeparator();
+ if (pos != -1)
+ {
+ // Write the rest of the data before the boundary.
+ output.write(buffer, head, pos - head);
+ total += pos - head;
+ head = pos;
+ done = true;
+ }
+ else
+ {
+ // Determine how much data should be kept in the
+ // buffer.
+ if (tail - head > keepRegion)
+ {
+ pad = keepRegion;
+ }
+ else
+ {
+ pad = tail - head;
+ }
+ // Write out the data belonging to the body-data.
+ output.write(buffer, head, tail - head - pad);
+
+ // Move the data to the beging of the buffer.
+ total += tail - head - pad;
+ System.arraycopy(buffer, tail - pad, buffer, 0, pad);
+
+ // Refill buffer with new data.
+ head = 0;
+ bytesRead = input.read(buffer, pad, bufSize - pad);
+
+ // [pprrrrrrr]
+ if (bytesRead != -1)
+ {
+ tail = pad + bytesRead;
+ }
+ else
+ {
+ // The last pad amount is left in the buffer.
+ // Boundary can't be in there so write out the
+ // data you have and signal an error condition.
+ output.write(buffer, 0, pad);
+ output.flush();
+ total += pad;
+ throw new MalformedStreamException(
+ "Stream ended unexpectedly");
+ }
+ }
+ }
+ output.flush();
+ return total;
+ }
+
+
+ /**
+ *
Reads body-data from the current
+ * encapsulation and discards it.
+ *
+ *
Use this method to skip encapsulations you don't need or don't
+ * understand.
+ *
+ * @return The amount of data discarded.
+ *
+ * @exception MalformedStreamException if the stream ends unexpectedly.
+ * @exception IOException if an i/o error occurs.
+ */
+ public int discardBodyData()
+ throws MalformedStreamException,
+ IOException
+ {
+ boolean done = false;
+ int pad;
+ int pos;
+ int bytesRead;
+ int total = 0;
+ while (!done)
+ {
+ // Is boundary token present somewere in the buffer?
+ pos = findSeparator();
+ if (pos != -1)
+ {
+ // Write the rest of the data before the boundary.
+ total += pos - head;
+ head = pos;
+ done = true;
+ }
+ else
+ {
+ // Determine how much data should be kept in the
+ // buffer.
+ if (tail - head > keepRegion)
+ {
+ pad = keepRegion;
+ }
+ else
+ {
+ pad = tail - head;
+ }
+ total += tail - head - pad;
+
+ // Move the data to the beging of the buffer.
+ System.arraycopy(buffer, tail - pad, buffer, 0, pad);
+
+ // Refill buffer with new data.
+ head = 0;
+ bytesRead = input.read(buffer, pad, bufSize - pad);
+
+ // [pprrrrrrr]
+ if (bytesRead != -1)
+ {
+ tail = pad + bytesRead;
+ }
+ else
+ {
+ // The last pad amount is left in the buffer.
+ // Boundary can't be in there so signal an error
+ // condition.
+ total += pad;
+ throw new MalformedStreamException(
+ "Stream ended unexpectedly");
+ }
+ }
+ }
+ return total;
+ }
+
+
+ /**
+ * Finds the beginning of the first encapsulation.
+ *
+ * @return true if an encapsulation was found in
+ * the stream.
+ *
+ * @exception IOException if an i/o error occurs.
+ */
+ public boolean skipPreamble()
+ throws IOException
+ {
+ // First delimiter may be not preceeded with a CRLF.
+ System.arraycopy(boundary, 2, boundary, 0, boundary.length - 2);
+ boundaryLength = boundary.length - 2;
+ try
+ {
+ // Discard all data up to the delimiter.
+ discardBodyData();
+
+ // Read boundary - if succeded, the stream contains an
+ // encapsulation.
+ return readBoundary();
+ }
+ catch (MalformedStreamException e)
+ {
+ return false;
+ }
+ finally
+ {
+ // Restore delimiter.
+ System.arraycopy(boundary, 0, boundary, 2, boundary.length - 2);
+ boundaryLength = boundary.length;
+ boundary[0] = 0x0D;
+ boundary[1] = 0x0A;
+ }
+ }
+
+
+ /**
+ * Compares count first bytes in the arrays
+ * a and b.
+ *
+ * @param a The first array to compare.
+ * @param b The second array to compare.
+ * @param count How many bytes should be compared.
+ *
+ * @return true if count first bytes in arrays
+ * a and b are equal.
+ */
+ public static boolean arrayequals(byte[] a,
+ byte[] b,
+ int count)
+ {
+ for (int i = 0; i < count; i++)
+ {
+ if (a[i] != b[i])
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+
+ /**
+ * Searches for a byte of specified value in the buffer,
+ * starting at the specified position.
+ *
+ * @param value The value to find.
+ * @param pos The starting position for searching.
+ *
+ * @return The position of byte found, counting from beginning of the
+ * buffer, or -1 if not found.
+ */
+ protected int findByte(byte value,
+ int pos)
+ {
+ for (int i = pos; i < tail; i++)
+ {
+ if (buffer[i] == value)
+ {
+ return i;
+ }
+ }
+
+ return -1;
+ }
+
+
+ /**
+ * Searches for the boundary in the buffer
+ * region delimited by head and tail.
+ *
+ * @return The position of the boundary found, counting from the
+ * beginning of the buffer, or -1 if
+ * not found.
+ */
+ protected int findSeparator()
+ {
+ int first;
+ int match = 0;
+ int maxpos = tail - boundaryLength;
+ for (first = head;
+ (first <= maxpos) && (match != boundaryLength);
+ first++)
+ {
+ first = findByte(boundary[0], first);
+ if (first == -1 || (first > maxpos))
+ {
+ return -1;
+ }
+ for (match = 1; match < boundaryLength; match++)
+ {
+ if (buffer[first + match] != boundary[match])
+ {
+ break;
+ }
+ }
+ }
+ if (match == boundaryLength)
+ {
+ return first - 1;
+ }
+ return -1;
+ }
+
+ /**
+ * Returns a string representation of this object.
+ *
+ * @return The string representation of this object.
+ */
+ public String toString()
+ {
+ StringBuffer sbTemp = new StringBuffer();
+ sbTemp.append("boundary='");
+ sbTemp.append(String.valueOf(boundary));
+ sbTemp.append("'\nbufSize=");
+ sbTemp.append(bufSize);
+ return sbTemp.toString();
+ }
+
+ /**
+ * Thrown to indicate that the input stream fails to follow the
+ * required syntax.
+ */
+ public class MalformedStreamException
+ extends IOException
+ {
+ /**
+ * Constructs a MalformedStreamException with no
+ * detail message.
+ */
+ public MalformedStreamException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs an MalformedStreamException with
+ * the specified detail message.
+ *
+ * @param message The detail message.
+ */
+ public MalformedStreamException(String message)
+ {
+ super(message);
+ }
+ }
+
+
+ /**
+ * Thrown upon attempt of setting an invalid boundary token.
+ */
+ public class IllegalBoundaryException
+ extends IOException
+ {
+ /**
+ * Constructs an IllegalBoundaryException with no
+ * detail message.
+ */
+ public IllegalBoundaryException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs an IllegalBoundaryException with
+ * the specified detail message.
+ *
+ * @param message The detail message.
+ */
+ public IllegalBoundaryException(String message)
+ {
+ super(message);
+ }
+ }
+
+
+ // ------------------------------------------------------ Debugging methods
+
+
+ // These are the methods that were used to debug this stuff.
+ /*
+
+ // Dump data.
+ protected void dump()
+ {
+ System.out.println("01234567890");
+ byte[] temp = new byte[buffer.length];
+ for(int i=0; i
+ * This class overrides all OutputStream methods. However, these
+ * overrides ultimately call the corresponding methods in the underlying output
+ * stream implementation.
+ *
+ * NOTE: This implementation may trigger the event before the threshold
+ * is actually reached, since it triggers when a pending write operation would
+ * cause the threshold to be exceeded.
+ *
+ * @author Martin Cooper
+ *
+ * @version $Id: ThresholdingOutputStream.java,v 1.3 2003/05/31 22:31:08 martinc Exp $
+ */
+public abstract class ThresholdingOutputStream
+ extends OutputStream
+{
+
+ // ----------------------------------------------------------- Data members
+
+
+ /**
+ * The threshold at which the event will be triggered.
+ */
+ private int threshold;
+
+
+ /**
+ * The number of bytes written to the output stream.
+ */
+ private long written;
+
+
+ /**
+ * Whether or not the configured threshold has been exceeded.
+ */
+ private boolean thresholdExceeded;
+
+
+ // ----------------------------------------------------------- Constructors
+
+
+ /**
+ * Constructs an instance of this class which will trigger an event at the
+ * specified threshold.
+ *
+ * @param threshold The number of bytes at which to trigger an event.
+ */
+ public ThresholdingOutputStream(int threshold)
+ {
+ this.threshold = threshold;
+ }
+
+
+ // --------------------------------------------------- OutputStream methods
+
+
+ /**
+ * Writes the specified byte to this output stream.
+ *
+ * @param b The byte to be written.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public void write(int b) throws IOException
+ {
+ checkThreshold(1);
+ getStream().write(b);
+ written++;
+ }
+
+
+ /**
+ * Writes b.length bytes from the specified byte array to this
+ * output stream.
+ *
+ * @param b The array of bytes to be written.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public void write(byte b[]) throws IOException
+ {
+ checkThreshold(b.length);
+ getStream().write(b);
+ written += b.length;
+ }
+
+
+ /**
+ * Writes len bytes from the specified byte array starting at
+ * offset off to this output stream.
+ *
+ * @param b The byte array from which the data will be written.
+ * @param off The start offset in the byte array.
+ * @param len The number of bytes to write.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public void write(byte b[], int off, int len) throws IOException
+ {
+ checkThreshold(len);
+ getStream().write(b, off, len);
+ written += len;
+ }
+
+
+ /**
+ * Flushes this output stream and forces any buffered output bytes to be
+ * written out.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public void flush() throws IOException
+ {
+ getStream().flush();
+ }
+
+
+ /**
+ * Closes this output stream and releases any system resources associated
+ * with this stream.
+ *
+ * @exception IOException if an error occurs.
+ */
+ public void close() throws IOException
+ {
+ try
+ {
+ flush();
+ }
+ catch (IOException ignored)
+ {
+ // ignore
+ }
+ getStream().close();
+ }
+
+
+ // --------------------------------------------------------- Public methods
+
+
+ /**
+ * Returns the threshold, in bytes, at which an event will be triggered.
+ *
+ * @return The threshold point, in bytes.
+ */
+ public int getThreshold()
+ {
+ return threshold;
+ }
+
+
+ /**
+ * Returns the number of bytes that have been written to this output stream.
+ *
+ * @return The number of bytes written.
+ */
+ public long getByteCount()
+ {
+ return written;
+ }
+
+
+ /**
+ * Determines whether or not the configured threshold has been exceeded for
+ * this output stream.
+ *
+ * @return true if the threshold has been reached;
+ * false otherwise.
+ */
+ public boolean isThresholdExceeded()
+ {
+ return (written > threshold);
+ }
+
+
+ // ------------------------------------------------------ Protected methods
+
+
+ /**
+ * Checks to see if writing the specified number of bytes would cause the
+ * configured threshold to be exceeded. If so, triggers an event to allow
+ * a concrete implementation to take action on this.
+ *
+ * @param count The number of bytes about to be written to the underlying
+ * output stream.
+ *
+ * @exception IOException if an error occurs.
+ */
+ protected void checkThreshold(int count) throws IOException
+ {
+ if (!thresholdExceeded && (written + count > threshold))
+ {
+ thresholdReached();
+ thresholdExceeded = true;
+ }
+ }
+
+
+ // ------------------------------------------------------- Abstract methods
+
+
+ /**
+ * Returns the underlying output stream, to which the corresponding
+ * OutputStream methods in this class will ultimately delegate.
+ *
+ * @return The underlying output stream.
+ *
+ * @exception IOException if an error occurs.
+ */
+ protected abstract OutputStream getStream() throws IOException;
+
+
+ /**
+ * Indicates that the configured threshold has been reached, and that a
+ * subclass should take whatever action necessary on this event. This may
+ * include changing the underlying output stream.
+ *
+ * @exception IOException if an error occurs.
+ */
+ protected abstract void thresholdReached() throws IOException;
+}
diff --git a/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/package.html b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/package.html
new file mode 100644
index 00000000..853871f1
--- /dev/null
+++ b/java/ModSecurityTestApp/src/java/org/apache/commons/fileupload/package.html
@@ -0,0 +1,66 @@
+
+
+
+ Component for handling html file uploads as given by rfc 1867 + RFC 1867. +
+
+ Normal usage of the package involves
+ {@link org.apache.commons.fileupload.DiskFileUpload DiskFileUpload}
+ parsing the HttpServletRequest and returning a list of
+ {@link org.apache.commons.fileupload.FileItem FileItem}'s.
+ These FileItem's provide easy access to the data
+ given in the upload. There is also a low level api for
+ manipulating the upload data encapsulated in the
+ {@link org.apache.commons.fileupload.MultipartStream MultipartStream}
+ class.
+
+ Normal usage example: +
+
+
+ public void doPost(HttpServletRequest req, HttpServletResponse res)
+ {
+ DiskFileUpload fu = new DiskFileUpload();
+ // maximum size before a FileUploadException will be thrown
+ fu.setSizeMax(1000000);
+ // maximum size that will be stored in memory
+ fu.setSizeThreshold(4096);
+ // the location for saving data that is larger than getSizeThreshold()
+ fu.setRepositoryPath("/tmp");
+
+ List fileItems = fu.parseRequest(req);
+ // assume we know there are two files. The first file is a small
+ // text file, the second is unknown and is written to a file on
+ // the server
+ Iterator i = fileItems.iterator();
+ String comment = ((FileItem)i.next()).getString();
+ FileItem fi = (FileItem)i.next();
+ // filename on the client
+ String fileName = fi.getName();
+ // save comment and filename to database
+ ...
+ // write the file
+ fi.write("/www/uploads/" + fileName);
+ }
+
+
+ In the example above the first file is loaded into memory as a
+ String. Before calling the getString method, the data
+ may have been in memory or on disk depending on its size. The second
+ file we assume it will be large and therefore never explicitly load
+ it into memory, though if it is less than 4096 bytes it will be
+ in memory before it is written to its final location. When writing to
+ the final location, if the data is larger than the
+ threshold, an attempt is made to rename the temporary file to
+ the given location. If it cannot be renamed, it is streamed to the
+ new location.
+