[jira] [Commented] (WINK-436) Boundary parameter for multipart/formdata Content-Type does not allow quoted-string

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (WINK-436) Boundary parameter for multipart/formdata Content-Type does not allow quoted-string

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/WINK-436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14711931#comment-14711931 ]

Jason Dawes commented on WINK-436:
----------------------------------

The method org.apache.wink.common.internal.providers.header.MediaTypeHeaderDelegate:fromSting() does not implement parsing of parameter values (rfc2045) correctly.

fromString("text/plain; param=\"this;will=produce two parameters\") will produce incorrect results despite being well formed
fromString("text/plain; param=\"value;param=\"overwritten\") starts getting interesting

> Boundary parameter for multipart/formdata Content-Type does not allow quoted-string
> -----------------------------------------------------------------------------------
>
>                 Key: WINK-436
>                 URL: https://issues.apache.org/jira/browse/WINK-436
>             Project: Wink
>          Issue Type: Bug
>          Components: Common
>    Affects Versions: 1.4
>         Environment: AIX 6, WebSphere 7.0.0.15, IBM Wink 1.1 / Apache Wink 1.4
>            Reporter: Jason Dawes
>            Priority: Minor
>
> A HTTP POST that specifies the boundary parameter of a multipart/formdata Content-Type using a quoted string (i.e. boundary="xxx") will then expect that the boundary markers in the body of the request match the literal string, including quotes.
> This works, but shouldn't
> --"xxx"
> This should, but doesn't
> --xxx
> Quotes should be removed when parsing the boundary parameter.
> [8/17/15 15:28:28:925 PDT] 00000022 SystemErr     R   338620969 [WebContainer : 3] ERROR org.apache.wink.server.internal.RequestProcessor - An unhandled exception occurred which will be propagated to the container.
> [8/17/15 15:28:28:926 PDT] 00000022 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one of the service methods of the servlet JAX-RS Servlet in application OneLinkImagingClientRSC. Exception created : java.lang.StringIndexOutOfBoundsException
>         at java.lang.String.substring(String.java:1093)
>         at org.apache.wink.common.internal.providers.multipart.MultiPartParser.parseHeaders(MultiPartParser.java:264)
>         at org.apache.wink.common.internal.providers.multipart.MultiPartParser.nextPart(MultiPartParser.java:109)
>         at org.apache.wink.common.model.multipart.InMultiPart.hasNext(InMultiPart.java:83)
>         at org.apache.wink.common.model.multipart.BufferedInMultiPart.<init>(BufferedInMultiPart.java:50)
>         at org.apache.wink.common.internal.providers.multipart.BufferedInMultiPartProvider.readFrom(BufferedInMultiPartProvider.java:62)
>         at org.apache.wink.common.internal.providers.multipart.BufferedInMultiPartProvider.readFrom(BufferedInMultiPartProvider.java:39)
>         at org.apache.wink.server.internal.registry.ServerInjectableFactory$EntityParam.getValue(ServerInjectableFactory.java:200)
>         at org.apache.wink.common.internal.registry.InjectableFactory.instantiate(InjectableFactory.java:68)
>         at org.apache.wink.server.internal.handlers.CreateInvocationParametersHandler.handleRequest(CreateInvocationParametersHandler.java:44)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleSubResourceMethod(FindResourceMethodHandler.java:183)
>         at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleRequest(FindResourceMethodHandler.java:110)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.handlers.FindRootResourceHandler.handleRequest(FindRootResourceHandler.java:95)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.handlers.HeadMethodHandler.handleRequest(HeadMethodHandler.java:53)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.handlers.OptionsMethodHandler.handleRequest(OptionsMethodHandler.java:46)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.handlers.SearchResultHandler.handleRequest(SearchResultHandler.java:33)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.log.ResourceInvocation.handleRequest(ResourceInvocation.java:92)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.internal.log.Requests.handleRequest(Requests.java:76)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
>         at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:52)
>         at org.apache.wink.server.handlers.AbstractHandlersChain.run(AbstractHandlersChain.java:48)
>         at org.apache.wink.server.internal.RequestProcessor.handleRequestWithoutFaultBarrier(RequestProcessor.java:207)
>         at org.apache.wink.server.internal.RequestProcessor.handleRequest(RequestProcessor.java:154)
>         at org.apache.wink.server.internal.servlet.RestServlet.service(RestServlet.java:119)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
>         at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1657)
>         at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1597)
>         at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:131)
>         at org.kp.onelink.oli.Filter.doFilter(Filter.java:344)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)