Mark,

On 3/30/20 16:51, Mark Thomas wrote:
> On 30/03/2020 21:45, Christopher Schultz wrote:
>> All,
>>
>> In my application under Tomcat 8.5.51, I have configured a
>> servlet to allow multipart/form-data submissions and I have added
>> this configuration as a part of the <servlet> config:
>>
>> <multipart-config>
>>   <max-file-size>1048576</max-file-size><!-- 1MiB -->
>>   <max-request-size>1049600</max-request-size><!-- 1 MiB + 1 kiB -->
>> </multipart-config>
>>
>> Without the <multipart-config> section, the upload does not work
>> at all, so I know I have added this in the right place.
>>
>> But I am able to upload files larger than 1MiB, and the data is
>> being given to the servlet. I was expecting an error to be sent
>> to the client (unlikely) or the data to be suppressed from the
>> servlet, or some kind of indication to the servlet code that the
>> upload was too big.
>>
>> The file I'm uploading as a test is 13658819 bytes, which is
>> greater than both 1048576 and 1049600.
>>
>> What am I missing, here?
>
> Are you reading the request body directly? That will bypass the
> size checks.

Nope. The order of calls in my servlet (actually a Struts action, but
there shouldn't be much in the way of interference, there) is:

getContentType
getAttributeNames
getAttribute (for debugging; I was expecting to see an attribute
              saying "too big" or something)
getSession
getParameter (a few times)
getCharacterEncoding
getParts

The file definitely has data in it, too. I'm uploading a file much
larger than expected just as a test, so I don't care what it is. I'm
uploading a tarball as a CSV and my servlet says "umm, that ain't CSV"
and logs the first few bytes of the file (and they aren't null or empty
or whatever I might expect if Tomcat were rejecting the upload).

> If that doesn't explain it, I'd fire up a remote debugger, debug
> through an upload and see why the size checks are skipped.

Time to figure out how to attach a debugger :) Fortunately, I've got
everything running on my own laptop, so I don't have to instrument a
server somewhere else.

-chris
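
The "indication to the servlet code" the message asks about, as an added example that is not part of the original thread: per the Servlet API, getParts() throws IllegalStateException when the container enforces the limits, and the loop below re-checks Part.getSize() in application code in case the container limits were not applied. The servlet name and URL pattern are hypothetical; the limits mirror the quoted <multipart-config>.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

// Hypothetical servlet: class name and URL pattern are assumptions.
// The annotation is the equivalent of the <multipart-config> in the thread.
@WebServlet("/upload")
@MultipartConfig(maxFileSize = 1048576L, maxRequestSize = 1049600L)
public class UploadLimitServlet extends HttpServlet {
    private static final long MAX_FILE_SIZE = 1048576L;    // 1 MiB
    private static final long MAX_REQUEST_SIZE = 1049600L; // 1 MiB + 1 KiB

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        long total = 0;
        try {
            // Container-level enforcement surfaces here as IllegalStateException.
            for (Part part : req.getParts()) {
                long size = part.getSize();
                total += size;
                // Application-level re-check. The running total counts part
                // bodies only, so it approximates the request size from below.
                if (size > MAX_FILE_SIZE || total > MAX_REQUEST_SIZE) {
                    reject(resp);
                    return;
                }
            }
        } catch (IllegalStateException e) {
            reject(resp);
            return;
        }
        // All parts are within limits; hand them to the real handler here.
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    private static void reject(HttpServletResponse resp) throws IOException {
        // 413 tells the client the upload was refused because of its size.
        resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                "Upload exceeds the configured size limit");
    }
}
```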