HTTPUtilities.getFileUploads(...) does not allow access to other form posted parameters (FileItem form fields).

[meg23]

From brent.sh...@gmail.com on March 04, 2011 14:05:49

The HTTPUtilities.getFileUploads(...) methods do not provide a means to get at non-file posted fields.

This could be fixed by either:

1. Overloading the methods once again to provide a list that could be populated with the form fields.
2. Creating a another method that returns the list of files and the form fields.

I think the second approach would be better, but I wouldn't stop there. I feel the best approach would be to create a new interface and implementation specifically for file uploads, which allow returning both types of items. By doing this, the DefaultHTTPUtilities would no longer have a dependency on the apache-commons-fileupload code, so applications could use DefaultHTTPUtilities and not have to include the fileupload code if it didn't do any file upload.

I've included a patch with the changes I would make. I didn't create any new unit tests, but the existing ones all pass.

Attachment: fileupload.patch.txt

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=213

[meg23]

From kevin.w.wall@gmail.com on September 18, 2014 13:04:09

Labels: Type-Enhancement

[meg23]

From kevin.w.wall@gmail.com on September 22, 2014 18:57:01

Labels: Priority-Low FirstBug OpSys-All

[meg23]

From kevin.w.wall@gmail.com on September 26, 2014 20:10:28

Labels: Component-HttpUtilities