From bbdb38dedc09e4868e33699d012f2c70759fa35c Mon Sep 17 00:00:00 2001 From: Lukasz Lenart Date: Mon, 23 Dec 2024 14:10:04 +0100 Subject: [PATCH] WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines --- .../multipart/AbstractMultiPartRequest.java | 4 ++++ .../multipart/JakartaMultiPartRequest.java | 16 ++++++++------ .../JakartaStreamMultiPartRequest.java | 22 +++++++++++-------- 3 files changed, 26 insertions(+), 16 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java index 38852a2f23..aeace3120b 100644 --- a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java +++ b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java @@ -304,6 +304,10 @@ protected String getCanonicalName(final String originalFileName) { return fileName; } + /** + * @deprecated since 7.0.1, use {@link StringUtils#normalizeSpace(String)} instead + */ + @Deprecated protected String sanitizeNewlines(String before) { return before.replaceAll("\\R", "_"); } diff --git a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java index dd74286564..b36e6e2f81 100644 --- a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java +++ b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java @@ -32,6 +32,8 @@ import java.util.ArrayList; import java.util.List; +import static org.apache.commons.lang3.StringUtils.normalizeSpace; + /** * Multipart form data request adapter for Jakarta Commons FileUpload package. */ 
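Review bot: The new Javadoc on `sanitizeNewlines` in AbstractMultiPartRequest names `StringUtils#normalizeSpace(String)` as the replacement without saying that the two behave differently. `sanitizeNewlines` replaces every `\R` line break with `_`, while `normalizeSpace` trims the value and collapses each whitespace run into one space, so a log reader can no longer see that a submitted name contained a line break. `\R` also matches U+0085 (NEL), which Java does not classify as whitespace, so `normalizeSpace` should be expected to leave it in place. Every call site in JakartaMultiPartRequest and JakartaStreamMultiPartRequest now relies on it, so a test for NEL would be worth adding. I would state the difference in the Javadoc for subclasses that still call the method, and write the annotation as `@Deprecated(since = "7.0.1")`; the `{@link StringUtils#...}` only resolves if this file imports StringUtils, which the hunk does not show.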
@@ -47,11 +49,11 @@ protected void processUpload(HttpServletRequest request, String saveDir) throws prepareServletFileUpload(charset, Path.of(saveDir)); for (DiskFileItem item : servletFileUpload.parseRequest(request)) { - LOG.debug(() -> "Processing a form field: " + sanitizeNewlines(item.getFieldName())); + LOG.debug(() -> "Processing a form field: " + normalizeSpace(item.getFieldName())); if (item.isFormField()) { processNormalFormField(item, charset); } else { - LOG.debug(() -> "Processing a file: " + sanitizeNewlines(item.getFieldName())); + LOG.debug(() -> "Processing a file: " + normalizeSpace(item.getFieldName())); processFileField(item); } } @@ -78,7 +80,7 @@ protected void processNormalFormField(DiskFileItem item, Charset charset) throws LOG.debug("Item: {} is a normal form field", item.getName()); if (!isAccepted(item.getFieldName())) { - LOG.warn("Form field [{}] is rejected!", sanitizeNewlines(item.getFieldName())); + LOG.warn(() -> "Form field [%s] is rejected!".formatted(normalizeSpace(item.getFieldName()))); return; } 
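Review bot: In `processUpload` of JakartaMultiPartRequest the first `LOG.debug` sits before the `item.isFormField()` test, so a file part is logged as "Processing a form field" and then again as "Processing a file". The streaming adapter later in this patch emits the form-field message inside the `if` branch. Doing the same here, `if (item.isFormField()) { LOG.debug(() -> "Processing a form field: " + normalizeSpace(item.getFieldName()));`, keeps the debug trace of an upload unambiguous. The method starts and ends outside the hunk.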
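Review bot: The context line `LOG.debug("Item: {} is a normal form field", item.getName());` at the top of `processNormalFormField` still writes a request-supplied value to the log without normalisation, while the warning just below it is now wrapped. For consistency with the rest of the commit it could read `LOG.debug(() -> "Item: " + normalizeSpace(item.getName()) + " is a normal form field");`. It may also be worth checking whether `getFieldName()` was intended here, since the rejection message below reports the field name; the hunk does not show enough to tell.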
@@ -104,18 +106,18 @@ protected void processNormalFormField(DiskFileItem item, Charset charset) throws protected void processFileField(DiskFileItem item) { if (!isAccepted(item.getName())) { - LOG.warn("File name [{}] is not accepted", sanitizeNewlines(item.getName())); + LOG.warn(() -> "File name [%s] is not accepted".formatted(normalizeSpace(item.getName()))); return; } if (!isAccepted(item.getFieldName())) { - LOG.warn("Field name [{}] is not accepted", sanitizeNewlines(item.getFieldName())); + LOG.warn(() -> "Field name [%s] is not accepted".formatted(normalizeSpace(item.getFieldName()))); return; } // Skip file uploads that don't have a file name - meaning that no file was selected. if (item.getName() == null || item.getName().trim().isEmpty()) { - LOG.debug(() -> "No file has been uploaded for the field: " + sanitizeNewlines(item.getFieldName())); + LOG.debug(() -> "No file has been uploaded for the field: " + normalizeSpace(item.getFieldName())); return; } @@ -127,7 +129,7 @@ protected void processFileField(DiskFileItem item) { } if (item.isInMemory()) { - LOG.warn("Storing uploaded files just in memory isn't supported currently, skipping file: {}!", item.getName()); + LOG.warn(() -> "Storing uploaded files just in memory isn't supported currently, skipping file: %s!".formatted(normalizeSpace(item.getName()))); } else { UploadedFile uploadedFile = StrutsUploadedFile.Builder .create(item.getPath().toFile()) diff --git a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java index 50544d4939..7fb44f21f8 100644 --- a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java +++ b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java 
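Review bot: In `processFileField` the `isAccepted(item.getName())` test runs before the `item.getName() == null || item.getName().trim().isEmpty()` check, so a part with no file name reaches `isAccepted` first. With `normalizeSpace` the warning no longer throws on a null name the way `before.replaceAll` would have. But an empty upload field may now be reported as "File name [null] is not accepted" rather than skipped quietly; how `isAccepted` treats null is not visible here. `processFileItemAsFileField` in JakartaStreamMultiPartRequest does the empty-name check first, and moving the "Skip file uploads that don't have a file name" block to the top of this method would make the two adapters agree.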
@@ -42,6 +42,8 @@ import java.util.List; import java.util.UUID; +import static org.apache.commons.lang3.StringUtils.normalizeSpace; + /** * Multi-part form data request adapter for Jakarta Commons FileUpload package that * leverages the streaming API rather than the traditional non-streaming API. @@ -71,10 +73,10 @@ protected void processUpload(HttpServletRequest request, String saveDir) throws LOG.debug("Using Jakarta Stream API to process request"); servletFileUpload.getItemIterator(request).forEachRemaining(item -> { if (item.isFormField()) { - LOG.debug(() -> "Processing a form field: " + sanitizeNewlines(item.getFieldName())); + LOG.debug(() -> "Processing a form field: " + normalizeSpace(item.getFieldName())); processFileItemAsFormField(item); } else { - LOG.debug(() -> "Processing a file: " + sanitizeNewlines(item.getFieldName())); + LOG.debug(() -> "Processing a file: " + normalizeSpace(item.getFieldName())); processFileItemAsFileField(item, location); } }); @@ -115,7 +117,7 @@ protected void processFileItemAsFormField(FileItemInput fileItemInput) throws IO String fieldValue = readStream(fileItemInput.getInputStream()); if (!isAccepted(fieldName)) { - LOG.warn("Form field [{}] is rejected!", sanitizeNewlines(fieldName)); + LOG.warn(() -> "Form field [%s] is rejected!".formatted(normalizeSpace(fieldName))); return; } @@ -146,7 +148,7 @@ private boolean exceedsMaxFiles(FileItemInput fileItemInput) { if (maxFiles != null && maxFiles == uploadedFiles.size()) { if (LOG.isDebugEnabled()) { LOG.debug("Cannot accept another file: {} as it will exceed max files: {}", - sanitizeNewlines(fileItemInput.getName()), maxFiles); + normalizeSpace(fileItemInput.getName()), maxFiles); } LocalizedMessage errorMessage = buildErrorMessage( FileUploadFileCountLimitException.class, 
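Review bot: In `processFileItemAsFormField` the value is read with `readStream(fileItemInput.getInputStream())` before `isAccepted(fieldName)` is evaluated, so the body of a field that is about to be rejected is still buffered. Moving the `if (!isAccepted(fieldName))` block above the `readStream` call would let rejected fields be dropped without holding their content, assuming the item iterator skips unread data when it advances. Whether `readStream` bounds what it reads cannot be seen from this hunk, and the method begins and ends outside it.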
@@ -165,7 +167,7 @@ private boolean exceedsMaxFiles(FileItemInput fileItemInput) { private void exceedsMaxSizeOfFiles(FileItemInput fileItemInput, File file, Long currentFilesSize) { if (LOG.isDebugEnabled()) { LOG.debug("File: {} of size: {} exceeds allowed max size: {}, actual size of already uploaded files: {}", - sanitizeNewlines(fileItemInput.getName()), file.length(), maxSizeOfFiles, currentFilesSize + normalizeSpace(fileItemInput.getName()), file.length(), maxSizeOfFiles, currentFilesSize ); } LocalizedMessage errorMessage = buildErrorMessage( @@ -179,7 +181,7 @@ private void exceedsMaxSizeOfFiles(FileItemInput fileItemInput, File file, Long } if (!file.delete() && LOG.isWarnEnabled()) { LOG.warn("Cannot delete file: {} which exceeds maximum size: {} of all files!", - sanitizeNewlines(fileItemInput.getName()), maxSizeOfFiles); + normalizeSpace(fileItemInput.getName()), maxSizeOfFiles); } } @@ -192,12 +194,12 @@ private void exceedsMaxSizeOfFiles(FileItemInput fileItemInput, File file, Long protected void processFileItemAsFileField(FileItemInput fileItemInput, Path location) throws IOException { // Skip file uploads that don't have a file name - meaning that no file was selected. if (fileItemInput.getName() == null || fileItemInput.getName().trim().isEmpty()) { - LOG.debug(() -> "No file has been uploaded for the field: " + sanitizeNewlines(fileItemInput.getFieldName())); + LOG.debug(() -> "No file has been uploaded for the field: " + normalizeSpace(fileItemInput.getFieldName())); return; } if (!isAccepted(fileItemInput.getName())) { - LOG.warn("File field [{}] rejected", sanitizeNewlines(fileItemInput.getName())); + LOG.warn(() -> "File field [%s] rejected".formatted(normalizeSpace(fileItemInput.getName()))); return; } 
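Review bot: The warning in `processFileItemAsFileField` says "File field [%s] rejected" but prints `fileItemInput.getName()`, the uploaded file name, so the log entry mislabels which value failed the check. JakartaMultiPartRequest words the same case as "File name [%s] is not accepted"; using `LOG.warn(() -> "File name [%s] is not accepted".formatted(normalizeSpace(fileItemInput.getName())));` here lets one search pattern cover both adapters. The non-streaming adapter also tests `isAccepted(item.getFieldName())` for file parts; whether this method does so further down is outside the hunk.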
@@ -240,7 +242,9 @@ protected void streamFileToDisk(FileItemInput fileItemInput, File file) throws I InputStream input = fileItemInput.getInputStream(); try (OutputStream output = new BufferedOutputStream(Files.newOutputStream(file.toPath()), bufferSize)) { byte[] buffer = new byte[bufferSize]; - LOG.debug("Streaming file: {} using buffer size: {}", sanitizeNewlines(fileItemInput.getName()), bufferSize); + if (LOG.isDebugEnabled()) { + LOG.debug("Streaming file: {} using buffer size: {}", normalizeSpace(fileItemInput.getName()), bufferSize); + } for (int length; ((length = input.read(buffer)) > 0); ) { output.write(buffer, 0, length); }
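Review bot: `InputStream input = fileItemInput.getInputStream();` in `streamFileToDisk` is opened outside the try-with-resources that manages `output`, so nothing visible in the hunk closes it if the copy loop throws. Declaring both in the resource header, `try (InputStream input = fileItemInput.getInputStream(); OutputStream output = new BufferedOutputStream(Files.newOutputStream(file.toPath()), bufferSize)) {`, closes both on every path. The method continues past the hunk, so a close may already exist there.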