Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 32.0.0.Beta1, 32.0.0.Final
Affects Version/s: 30.0.0.Final, 30.0.1.Final
Component/s: JSF, Web (Undertow)
Labels:
None

Steps to Reproduce:

Hide

Deploy attached war in wildfly 30.0.0:

Start http://localhost:8000/UploadTest-0.0.1-SNAPSHOT/index.html in browser and watch console:
17:07:37,191 INFO [stdout] (default task-1) Size of test:25

17:07:37,273 INFO [stdout] (default task-1) Size of test:50

17:07:37,350 INFO [stdout] (default task-1) Size of test:75

...
17:08:46,817 INFO [stdout] (default task-1) Size of test:16350

17:08:46,959 INFO [stdout] (default task-1) Size of test:16375

17:08:47,051 INFO [stdout] (default task-1) Size of test:16400

17:08:47,157 INFO [stdout] (default task-1) Size of test:25

With wildfly 29.0.1 the test runs without problems.

Show
Deploy attached war in wildfly 30.0.0: Start http://localhost:8000/UploadTest-0.0.1-SNAPSHOT/index.html in browser and watch console: 17:07:37,191 INFO [stdout] (default task-1) Size of test:25 17:07:37,273 INFO [stdout] (default task-1) Size of test:50 17:07:37,350 INFO [stdout] (default task-1) Size of test:75 ... 17:08:46,817 INFO [stdout] (default task-1) Size of test:16350 17:08:46,959 INFO [stdout] (default task-1) Size of test:16375 17:08:47,051 INFO [stdout] (default task-1) Size of test:16400 17:08:47,157 INFO [stdout] (default task-1) Size of test:25 With wildfly 29.0.1 the test runs without problems.
[QE] How to address?:
---
[QE] Why QE missed?:
---

Beginning with wildfly 30.0.0 parameter with more than 16425 Bytes input data are ignored if form has enctype "multipart/form-data"

BackingBean:
package bug;

import java.io.Serializable;

import jakarta.enterprise.context.RequestScoped;

import jakarta.inject.Named;

@Named

@RequestScoped

public class BackingBean implements Serializable{

private String content;

private String test = "1";

public String getContent() {

return content;

}

public void setContent(String content) {

this.content = content;

}

public String getTest() {

return test;

}

public void setTest(String test) {

this.test = test;

}

public void action() {

test +="AAAAAAAAAAAAAAAAAAAAAAA\n";

System.out.println("Size of test:"+test.length());

}

{color:#000000}}

index.xhtml
<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml"

xmlns:h="jakarta.faces.html"

lang="de">

<h:head>

</h:head>

<h:body>

<h:form enctype="multipart/form-data" id="testForm">

<h:inputTextarea value="#{backingBean.test}" cols="20" rows="10"/>

<br/>

<h:commandButton value="Submit" action="#{backingBean.action}" id="btn"/>

</h:form>

document.getElementById("testForm\:btn").click();

</script>

</h:body>

</html>

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

UploadTest-0.0.1-SNAPSHOT.war
4 kB
2023/12/04 4:51 PM

is caused by

UNDERTOW-2271 CVE-2023-3223 Large uploaded file does not persist to disk if the filename is omitted

Closed

is duplicated by

WFLY-18847 Problems sending LARGE inputfields using WildFly 30 and Mojarra 4

Closed

is related to

UNDERTOW-2337 Multipart form-data larger than 16KiB is not available through Servlet getParameter API

Closed

relates to

JBEAP-26355 [GSS](7.4.z) UNDERTOW-2337 - Multipart form-data larger than 16KiB is not available through Servlet getParameter API after EAP 7.4.12 (CVE-2023-3223 / UNDERTOW-2271 fix)

Closed

JBEAP-26413 [GSS](8.0.z) UNDERTOW-2337 - Multipart form-data larger than 16KiB is not available through Servlet getParameter API after EAP 7.4.12 (CVE-2023-3223 / UNDERTOW-2271 fix)

Closed

Assignee:: Jason Lee

Reporter:: Joachim Landwehr (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/12/04 4:56 PM

Updated:: 2024/06/06 1:00 AM

Resolved:: 2024/02/22 8:54 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates