multipart/form-data request with 2 files with the same name - possible bug


Builder Lynx Demo
Hi,

I'm using Tomcat 8.5.15 on Linux (CentOS 7).

Imagine the following scenario:

I have a web page with a form with a structure like:
<form  method="POST" action="..." enctype="multipart/form-data">
  <input type="file" name="file1">
  <input type="file" name="file2">
  ...
</form>

The user selects two different files.  However, both files have the same
name (they reside in different directories on the user's computer).  So
the form is like:
  <input type="file" name="file1" value="somefile.jpg">  // This file came from /home/user/pics1/somefile.jpg
  <input type="file" name="file2" value="somefile.jpg">  // This file came from /home/user/pics2/somefile.jpg
Although both these files have the same name, they are different
contents (different images).

The user then submits the form.

My tomcat is configured to accept multipart/form-data posts.  Here is
the relevant portion in the WEB-INF/web.xml:
     <multipart-config>
       <max-file-size>505242880</max-file-size>
       <max-request-size>505242880</max-request-size>
       <file-size-threshold>5000</file-size-threshold>
       <location>/home/pics</location>
     </multipart-config>

Assuming both the files are larger than 5000 bytes, then both should be
saved in the /home/pics directory.
However (and this is the issue) given that they have the same name, then
one file over-writes the second file.  The result is that the "value" of
one of the input parameters is essentially lost.  Or to put it another
way, in the /home/pics directory, only a single file version of
"somefile.jpg" is saved, and one is lost (over-written).

I have reviewed the relevant RFC:
https://www.ietf.org/rfc/rfc2388.txt
However it is essentially silent on this particular issue.  The issue
being: how to handle multiple parts with the same name.

One possible solution is to ask the user to rename the files to be
unique before uploading.  That would be a workaround for desktop/laptop
users.  However we actually discovered this issue on iOS devices...
When Safari or Chrome on iOS use the form, then the form shows a
"Browse" button.  That button allows the user to take a picture with the
device camera.  The file name of the image is always "image.jpg".  Both
form fields have the same file name value, just "image.jpg".  This then
causes the problem.  There is no reasonable way to rename the files on
iOS devices that are captured from the camera.  On Android devices, as a
point of comparison, each camera image is saved with a unique file name,
and that is what the browser processes.

My desired solution would be to have the multipart processor work to be
able to handle this scenario.  I think the best solution would be to
rename the file when duplicates are found in the request.  Or something
similar.

I did a bunch of searching on the mailing list to see if this has come
up before.  I didn't find anything. Apologies if it is a solved issue
somehow and I just didn't find it.

Thank you for your help with this.
Alex.



Re: multipart/form-data request with 2 files with the same name - possible bug

Mark Thomas-2
On 13/07/2020 18:33, Builder Lynx Demo wrote:

<snip/>

> My tomcat is configured to accept multipart/form-data posts.  Here is
> the relevant portion in the WEB-INF/web.xml:
>     <multipart-config>
>       <max-file-size>505242880</max-file-size>
>       <max-request-size>505242880</max-request-size>
>       <file-size-threshold>5000</file-size-threshold>
>       <location>/home/pics</location>
>     </multipart-config>
>
> Assuming both the files are larger than 5000 bytes, then both should be
> saved in the /home/pics directory.

This doesn't look right. The location is the *temporary* upload
location. Files are uploaded there but only kept until the request has
completed processing.

It is up to the application to copy the temporary files somewhere else.

Note also that the temporary files should have (from looking at the
upload code) unique names.

> However (and this is the issue) given that they have the same name, then
> one file over-writes the second file.

That looks like an application issue at this point. The application is
in control of whether the temporary files get copied anywhere else and
the names used for them if they are.

See this example from the Tomcat Manager application:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/manager/HTMLManagerServlet.java#L292

Mark

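The application-side copy described in the reply above, as an added example that is not part of the original thread and not Tomcat's own code. It mirrors the multipart-config values from the first message; the /upload URL pattern, the /srv/uploads directory and the extension allowlist are assumptions, and the javax.servlet package names are those of Servlet 3.1 as shipped with Tomcat 8.5.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.*;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Hypothetical servlet: the URL pattern and STORE directory are assumptions.
@WebServlet("/upload")
@MultipartConfig(location = "/home/pics", fileSizeThreshold = 5000,
        maxFileSize = 505242880L, maxRequestSize = 505242880L)
public class UploadServlet extends HttpServlet {
    // Permanent storage, kept separate from the temporary upload location.
    private static final Path STORE = Paths.get("/srv/uploads");
    private static final Set<String> ALLOWED_EXT =
            new HashSet<>(Arrays.asList("jpg", "jpeg", "png"));

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Files.createDirectories(STORE);
        StringBuilder saved = new StringBuilder();
        for (Part part : req.getParts()) {
            String submitted = part.getSubmittedFileName();
            if (submitted == null || submitted.isEmpty()) continue; // plain field or empty file input
            // The client-supplied name only selects an extension; it never becomes a path.
            int dot = submitted.lastIndexOf('.');
            String ext = dot < 0 ? "" : submitted.substring(dot + 1).toLowerCase(Locale.ROOT);
            if (!ALLOWED_EXT.contains(ext)) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "unsupported file type");
                return;
            }
            // Server-generated name: two parts both submitted as image.jpg cannot collide.
            Path target = STORE.resolve(UUID.randomUUID() + "." + ext);
            try (InputStream in = part.getInputStream()) {
                Files.copy(in, target); // no REPLACE_EXISTING: throws instead of overwriting
            }
            saved.append(part.getName()).append(" -> ")
                 .append(target.getFileName()).append('\n');
        }
        resp.setContentType("text/plain");
        resp.getWriter().print(saved);
    }
}
```

Because the stored name is generated on the server, the same code also keeps a submitted name such as ../../somefile.jpg from influencing where the file is written.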