WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines

apache · Dec 23, 2024 · bbdb38d · bbdb38d
1 parent 552f7eb
commit bbdb38d
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 16 deletions.
diff --git a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
@@ -304,6 +304,10 @@ protected String getCanonicalName(final String originalFileName) {
         return fileName;
     }
 
+    /**
+     * @deprecated since 7.0.1, use {@link StringUtils#normalizeSpace(String)} instead
+     */
+    @Deprecated
     protected String sanitizeNewlines(String before) {
         return before.replaceAll("\\R", "_");
     }

diff --git a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
@@ -32,6 +32,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import static org.apache.commons.lang3.StringUtils.normalizeSpace;
+
 /**
  * Multipart form data request adapter for Jakarta Commons FileUpload package.
  */
@@ -47,11 +49,11 @@ protected void processUpload(HttpServletRequest request, String saveDir) throws
                 prepareServletFileUpload(charset, Path.of(saveDir));
 
         for (DiskFileItem item : servletFileUpload.parseRequest(request)) {
-            LOG.debug(() -> "Processing a form field: " + sanitizeNewlines(item.getFieldName()));
+            LOG.debug(() -> "Processing a form field: " + normalizeSpace(item.getFieldName()));
             if (item.isFormField()) {
                 processNormalFormField(item, charset);
             } else {
-                LOG.debug(() -> "Processing a file: " + sanitizeNewlines(item.getFieldName()));
+                LOG.debug(() -> "Processing a file: " + normalizeSpace(item.getFieldName()));
                 processFileField(item);
             }
         }
@@ -78,7 +80,7 @@ protected void processNormalFormField(DiskFileItem item, Charset charset) throws
         LOG.debug("Item: {} is a normal form field", item.getName());
 
         if (!isAccepted(item.getFieldName())) {
-            LOG.warn("Form field [{}] is rejected!", sanitizeNewlines(item.getFieldName()));
+            LOG.warn(() -> "Form field [%s] is rejected!".formatted(normalizeSpace(item.getFieldName())));
             return;
         }
 
@@ -104,18 +106,18 @@ protected void processNormalFormField(DiskFileItem item, Charset charset) throws
 
     protected void processFileField(DiskFileItem item) {
         if (!isAccepted(item.getName())) {
-            LOG.warn("File name [{}] is not accepted", sanitizeNewlines(item.getName()));
+            LOG.warn(() -> "File name [%s] is not accepted".formatted(normalizeSpace(item.getName())));
             return;
         }
 
         if (!isAccepted(item.getFieldName())) {
-            LOG.warn("Field name [{}] is not accepted", sanitizeNewlines(item.getFieldName()));
+            LOG.warn(() -> "Field name [%s] is not accepted".formatted(normalizeSpace(item.getFieldName())));
             return;
         }
 
         // Skip file uploads that don't have a file name - meaning that no file was selected.
         if (item.getName() == null || item.getName().trim().isEmpty()) {
-            LOG.debug(() -> "No file has been uploaded for the field: " + sanitizeNewlines(item.getFieldName()));
+            LOG.debug(() -> "No file has been uploaded for the field: " + normalizeSpace(item.getFieldName()));
             return;
         }
 
@@ -127,7 +129,7 @@ protected void processFileField(DiskFileItem item) {
         }
 
         if (item.isInMemory()) {
-            LOG.warn("Storing uploaded files just in memory isn't supported currently, skipping file: {}!", item.getName());
+            LOG.warn(() -> "Storing uploaded files just in memory isn't supported currently, skipping file: %s!".formatted(normalizeSpace(item.getName())));
         } else {
             UploadedFile uploadedFile = StrutsUploadedFile.Builder
                     .create(item.getPath().toFile())

diff --git a/.../src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java b/.../src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java
@@ -42,6 +42,8 @@
 import java.util.List;
 import java.util.UUID;
 
+import static org.apache.commons.lang3.StringUtils.normalizeSpace;
+
 /**
  * Multi-part form data request adapter for Jakarta Commons FileUpload package that
  * leverages the streaming API rather than the traditional non-streaming API.
@@ -71,10 +73,10 @@ protected void processUpload(HttpServletRequest request, String saveDir) throws
         LOG.debug("Using Jakarta Stream API to process request");
         servletFileUpload.getItemIterator(request).forEachRemaining(item -> {
             if (item.isFormField()) {
-                LOG.debug(() -> "Processing a form field: " + sanitizeNewlines(item.getFieldName()));
+                LOG.debug(() -> "Processing a form field: " + normalizeSpace(item.getFieldName()));
                 processFileItemAsFormField(item);
             } else {
-                LOG.debug(() -> "Processing a file: " + sanitizeNewlines(item.getFieldName()));
+                LOG.debug(() -> "Processing a file: " + normalizeSpace(item.getFieldName()));
                 processFileItemAsFileField(item, location);
             }
         });
@@ -115,7 +117,7 @@ protected void processFileItemAsFormField(FileItemInput fileItemInput) throws IO
         String fieldValue = readStream(fileItemInput.getInputStream());
 
         if (!isAccepted(fieldName)) {
-            LOG.warn("Form field [{}] is rejected!", sanitizeNewlines(fieldName));
+            LOG.warn(() -> "Form field [%s] is rejected!".formatted(normalizeSpace(fieldName)));
             return;
         }
 
@@ -146,7 +148,7 @@ private boolean exceedsMaxFiles(FileItemInput fileItemInput) {
         if (maxFiles != null && maxFiles == uploadedFiles.size()) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug("Cannot accept another file: {} as it will exceed max files: {}",
-                        sanitizeNewlines(fileItemInput.getName()), maxFiles);
+                        normalizeSpace(fileItemInput.getName()), maxFiles);
             }
             LocalizedMessage errorMessage = buildErrorMessage(
                     FileUploadFileCountLimitException.class,
@@ -165,7 +167,7 @@ private boolean exceedsMaxFiles(FileItemInput fileItemInput) {
     private void exceedsMaxSizeOfFiles(FileItemInput fileItemInput, File file, Long currentFilesSize) {
         if (LOG.isDebugEnabled()) {
             LOG.debug("File: {} of size: {} exceeds allowed max size: {}, actual size of already uploaded files: {}",
-                    sanitizeNewlines(fileItemInput.getName()), file.length(), maxSizeOfFiles, currentFilesSize
+                    normalizeSpace(fileItemInput.getName()), file.length(), maxSizeOfFiles, currentFilesSize
             );
         }
         LocalizedMessage errorMessage = buildErrorMessage(
@@ -179,7 +181,7 @@ private void exceedsMaxSizeOfFiles(FileItemInput fileItemInput, File file, Long
         }
         if (!file.delete() && LOG.isWarnEnabled()) {
             LOG.warn("Cannot delete file: {} which exceeds maximum size: {} of all files!",
-                    sanitizeNewlines(fileItemInput.getName()), maxSizeOfFiles);
+                    normalizeSpace(fileItemInput.getName()), maxSizeOfFiles);
         }
     }
 
@@ -192,12 +194,12 @@ private void exceedsMaxSizeOfFiles(FileItemInput fileItemInput, File file, Long
     protected void processFileItemAsFileField(FileItemInput fileItemInput, Path location) throws IOException {
         // Skip file uploads that don't have a file name - meaning that no file was selected.
         if (fileItemInput.getName() == null || fileItemInput.getName().trim().isEmpty()) {
-            LOG.debug(() -> "No file has been uploaded for the field: " + sanitizeNewlines(fileItemInput.getFieldName()));
+            LOG.debug(() -> "No file has been uploaded for the field: " + normalizeSpace(fileItemInput.getFieldName()));
             return;
         }
 
         if (!isAccepted(fileItemInput.getName())) {
-            LOG.warn("File field [{}] rejected", sanitizeNewlines(fileItemInput.getName()));
+            LOG.warn(() -> "File field [%s] rejected".formatted(normalizeSpace(fileItemInput.getName())));
             return;
         }
 
@@ -240,7 +242,9 @@ protected void streamFileToDisk(FileItemInput fileItemInput, File file) throws I
         InputStream input = fileItemInput.getInputStream();
         try (OutputStream output = new BufferedOutputStream(Files.newOutputStream(file.toPath()), bufferSize)) {
             byte[] buffer = new byte[bufferSize];
-            LOG.debug("Streaming file: {} using buffer size: {}", sanitizeNewlines(fileItemInput.getName()), bufferSize);
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Streaming file: {} using buffer size: {}", normalizeSpace(fileItemInput.getName()), bufferSize);
+            }
             for (int length; ((length = input.read(buffer)) > 0); ) {
                 output.write(buffer, 0, length);
             }