From 8ff2085120a27993ae4759f5bce2f93a32885063 Mon Sep 17 00:00:00 2001 From: Sven Strickroth Date: Sun, 14 Feb 2021 18:05:07 +0100 Subject: [PATCH] Hard enforce configured max upload size Signed-off-by: Sven Strickroth --- .../main/java/gwtupload/server/UploadServlet.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/core/src/main/java/gwtupload/server/UploadServlet.java b/core/src/main/java/gwtupload/server/UploadServlet.java index 8b7801a5..f65452b0 100644 --- a/core/src/main/java/gwtupload/server/UploadServlet.java +++ b/core/src/main/java/gwtupload/server/UploadServlet.java @@ -843,11 +843,16 @@ protected Map getUploadStatus(HttpServletRequest request, String * */ protected String parsePostRequest(HttpServletRequest request, HttpServletResponse response) { - + long maxUploadSize = maxSize; try { String delay = request.getParameter(PARAM_DELAY); - String maxFilesize = request.getParameter(PARAM_MAX_FILE_SIZE); - maxSize = maxFilesize != null && maxFilesize.matches("[0-9]*") ? Long.parseLong(maxFilesize) : maxSize; + String maxFilesize = request.getParameter(PARAM_MAX_FILE_SIZE); // the parameter name is misleading as it indicates the filesize and not the whole upload size + if (maxFilesize != null && maxFilesize.matches("[0-9]*")) { + long parsedSize = Long.parseLong(maxFilesize); + if (maxUploadSize != -1 && parsedSize < maxUploadSize) { + maxUploadSize = parsedSize; + } + } uploadDelay = Integer.parseInt(delay); } catch (Exception e) { } @@ -879,7 +884,7 @@ protected String parsePostRequest(HttpServletRequest request, HttpServletRespons // Create the factory used for uploading files, FileItemFactory factory = getFileItemFactory(getContentLength(request)); ServletFileUpload uploader = new ServletFileUpload(factory); - uploader.setSizeMax(maxSize); + uploader.setSizeMax(maxUploadSize); uploader.setFileSizeMax(maxFileSize); uploader.setProgressListener(listener);