Mark Thomas wrote:
On 14/12/2012 21:13, André Warnier wrote:

<snip/>

 If it's "multipart/form-data", it delegates to another method,
parseParts().

<snip/>

 Why the Content-Length is not checked, I am unsure. It seems it would
be less expensive to throw the exception before ever trying to parse the
parts. However, this APPEARS to be the functional equivalent of checking
the Content-Length.

I think that is simply an oversight in the commit [1] that added the
checking. If a content-length is present then checking it would be
simpler. The existing checks need to be kept for the chunked request
body case.

As always, patches welcome.


In the Apache httpd DAV implementation, the LimitXMLRequestBody is the only way to control the maximum size of an upload. It is a p-i-t-a, because that size does not relate easily to the size of the file one is really uploading, making it difficult to set a sensible limit.

The way Tomcat is apparently doing it now is much more sensible, in my humble opinion, because it does allow a direct and easy comparison with the files being uploaded. And since as per above it needs to be kept in some cases anyway, my vote - if I had one - would be to not change it.
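An added example, not part of the original thread and not Tomcat's code: a sketch of the two checks discussed above, rejecting early when a declared Content-Length already exceeds the limit, and still counting bytes while reading so that chunked bodies with no declared length are covered. The names `UploadLimit`, `LimitedStream` and `guard` are hypothetical, and the limit here applies to the whole request body rather than to an individual uploaded file.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

public class UploadLimit {
    /** Counts bytes as they are read and fails once maxBytes is exceeded. */
    static final class LimitedStream extends FilterInputStream {
        private final long maxBytes;
        private long seen;
        LimitedStream(InputStream in, long maxBytes) { super(in); this.maxBytes = maxBytes; }
        private void count(long n) throws IOException {
            // n is -1 at end of stream, so only positive reads are counted
            if (n > 0 && (seen += n) > maxBytes) {
                throw new IOException("request body exceeds " + maxBytes + " bytes");
            }
        }
        @Override public int read() throws IOException {
            int b = super.read();
            if (b >= 0) count(1);
            return b;
        }
        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = super.read(buf, off, len);
            count(n);
            return n;
        }
    }

    /** declaredLength is the Content-Length value, or -1 when absent (chunked body). */
    static InputStream guard(InputStream body, long declaredLength, long maxBytes) throws IOException {
        // Cheap early rejection: nothing has been read or parsed yet.
        if (declaredLength > maxBytes) {
            throw new IOException("declared Content-Length " + declaredLength + " exceeds " + maxBytes);
        }
        // The streaming check stays in place for chunked bodies.
        return new LimitedStream(body, maxBytes);
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = new byte[4096]; // constructed sample body
        try { guard(new ByteArrayInputStream(sample), sample.length, 1024); }
        catch (IOException e) { System.out.println("early reject: " + e.getMessage()); }
        InputStream chunked = guard(new ByteArrayInputStream(sample), -1, 1024);
        try { while (chunked.read(new byte[512]) != -1) { /* drain */ } }
        catch (IOException e) { System.out.println("streaming reject: " + e.getMessage()); }
    }
}
```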


