HeroDevs
Visit NES for Apache Struts Home Page

NES for Apache Struts 1.x File Upload

NES for Apache Struts 1.x File Upload Information and Details

NES for Apache Struts 1.x File Upload

NES for Apache Struts 1.x includes support for file upload functionality with additional security features to protect against common vulnerabilities. The file upload component is designed to handle multipart/form-data requests securely, ensuring that uploaded files are processed safely.

Required Libraries

Switching to the NES for Apache Struts 1.x requires NES for Apache Commons FileUpload commons-fileupload to be on the classpath. This version includes security enhancements and bug fixes that are essential for secure file handling.

Use the maven coordinates below:

Group IDArtifact IDVersion
commons-fileuploadcommons-fileupload1.5.0-commons-fileupload-1.5.2

Or directly from the registry:

PortionValue
base_urlhttps://registry.nes.herodevs.com/maven/commons-fileupload/
package_namecommons-fileupload
version1.5.0-commons-fileupload-1.5.2
filenamepackage_name + version + extension

Example Link

https://registry.nes.herodevs.com/maven/commons-fileupload/commons-fileupload/1.5.0-commons-fileupload-1.5.2/commons-fileupload-1.5.0-commons-fileupload-1.5.2.pom

It's important to ensure that only the NES version of commons-fileupload is on the classpath to avoid conflicts and ensure that all security patches are applied. If you are using a build tool like Maven or Gradle, make sure to exclude any older versions of commons-fileupload that may be included as transitive dependencies. If using Ant, ensure that the correct version is included in your classpath.

Additional Struts Configuration for File Upload

struts-config.dtd defines the following additional configuration parameters for file upload handling:

Existing parameters
     maxFileSize     The maximum size (in bytes) of a file to be accepted as a
                     file upload.  Can be expressed as a number followed by a
                     "K", "M", or "G", which are interpreted to mean kilobytes,
                     megabytes, or gigabytes, respectively.
                     ["250M"]
New parameters
     maxSize         The maximum size (in bytes) of a complete request to be
                     accepted as a file upload. Can be expressed as a number
                     followed by a "K", "M", or "G", which are interpreted to
                     mean kilobytes, megabytes, or gigabytes, respectively.
                     ["256M"]

     maxStringLen    The maximum length (in bytes) of a string parameter in a
                     multipart request. Can be expressed as a number followed by a
                     "K", "M", or "G", which are interpreted to mean kilobytes,
                     megabytes, or gigabytes, respectively.
                     ["4K"]

     fileCountMax    The maximum permitted number of files that may be uploaded
                     in a single request. A value of -1 indicates no maximum.
                     ["-1"]

     maxHeaderSize   The maximum number of header bytes permitted per part in a request
                     where the content type is <code>multipart/form-data</code>. Requests that
                     exceed this limit will be rejected. A value of less than 0 means no limit.
                     ["512"]

example:

<struts-config>
  <!-- ... -->
  <controller fileCountMax="4" maxStringLen="1K" maxSize="5M" maxFileSize="1M" maxHeaderSize="256" inputForward="true" />
  <!-- ... -->
</struts-config>
Apache Struts Releases
Complete Changelog for NES for Apache Struts
Previous Article
All Projects
Next Article