Skip to content

Commit dd4ab61

Browse files
zjiuyangzjiuyang
committed
make upload in examlpe web-file-browser work
1 parent 7305989 commit dd4ab61

File tree

2 files changed

+17
-3
lines changed

2 files changed

+17
-3
lines changed

examples/web-file-browser/src/main/java/com/dropbox/core/examples/web_file_browser/DropboxBrowse.java

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818
import com.dropbox.core.v2.files.LookupError;
1919
import com.dropbox.core.v2.files.Metadata;
2020

21+
import javax.servlet.MultipartConfigElement;
2122
import javax.servlet.ServletException;
2223
import javax.servlet.http.HttpServletRequest;
2324
import javax.servlet.http.HttpServletResponse;
@@ -240,6 +241,8 @@ public void doBrowse(HttpServletRequest request, HttpServletResponse response)
240241
public void doUpload(HttpServletRequest request, HttpServletResponse response)
241242
throws IOException, ServletException
242243
{
244+
MultipartConfigElement multipartConfigElement = new MultipartConfigElement("/tmp");
245+
request.setAttribute("org.eclipse.multipartConfig", multipartConfigElement);
243246
if (!common.checkPost(request, response)) return;
244247
User user = common.requireLoggedInUser(request, response);
245248
if (user == null) return;
@@ -323,7 +326,13 @@ private static String slurpUtf8Part(HttpServletRequest request, HttpServletRespo
323326
byte[] bytes = new byte[maxLength];
324327
InputStream in = part.getInputStream();
325328
int bytesRead = in.read(bytes);
329+
330+
if (in.read() == -1) {
331+
return "";
332+
}
333+
326334
String s = StringUtil.utf8ToString(bytes, 0, bytesRead);
335+
327336
if (in.read() != -1) {
328337
response.sendError(400, "Field " + jq(name) + " is too long (the limit is " + maxLength + " bytes): " + jq(s));
329338
return null;

examples/web-file-browser/src/main/java/com/dropbox/core/examples/web_file_browser/FormProtection.java

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,11 @@
11
package com.dropbox.core.examples.web_file_browser;
22

3+
import javax.servlet.ServletException;
34
import javax.servlet.http.HttpServletRequest;
45
import javax.servlet.http.HttpServletResponse;
6+
import javax.servlet.http.Part;
57

8+
import java.io.IOException;
69
import java.io.PrintWriter;
710
import static org.apache.commons.lang3.StringEscapeUtils.escapeHtml4;
811

@@ -54,10 +57,12 @@ public void insertAntiCsrfFormField(PrintWriter out)
5457
// Call this when handling any form POST request. If it returns
5558
// null, the CSRF token is ok. If it returns some other string,
5659
// display that error message to the user.
57-
public static String checkAntiCsrfToken(HttpServletRequest request)
60+
public static String checkAntiCsrfToken(HttpServletRequest request) throws IOException, ServletException
5861
{
59-
String antiCsrfToken = request.getParameter("anti-csrf-token");
60-
if (antiCsrfToken == null) {
62+
if (request.getContentType() != null &&
63+
request.getContentType().toLowerCase().indexOf("multipart/form-data") > -1 &&
64+
request.getPart("anti-csrf-token") == null ||
65+
request.getParameter("anti-csrf-token") == null) {
6166
return "missing \"" + antiCsrfTokenName + "\" POST parameter";
6267
}
6368

0 commit comments

Comments
 (0)