Improved: Increase the size of http.upload.max.sizethreshold

(OFBIZ-11598)

That's rather refactoring to avoid to have the size hardcoded in several places
Next: ask if it's OK for everyone to increase the size

applications/content/src/main/java/org/apache/ofbiz/content/content/UploadContentAndImage.java

@@ -18,6 +18,7 @@
  *******************************************************************************/
 package org.apache.ofbiz.content.content;
 
+import java.io.File;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -33,7 +34,6 @@
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.ofbiz.base.util.Debug;
-import org.apache.ofbiz.base.util.FileUtil;
 import org.apache.ofbiz.base.util.StringUtil;
 import org.apache.ofbiz.base.util.UtilDateTime;
 import org.apache.ofbiz.base.util.UtilGenerics;
@@ -76,10 +76,15 @@ public static String uploadContentAndImage(HttpServletRequest request, HttpServl
             HttpSession session = request.getSession();
             GenericValue userLogin = (GenericValue)session.getAttribute("userLogin");
 
-            ServletFileUpload dfu = new ServletFileUpload(new DiskFileItemFactory(10240, FileUtil.getFile("runtime/tmp")));
+            long maxUploadSize = UtilHttp.getMaxUploadSize(delegator);
+            int sizeThreshold = UtilHttp.getSizeThreshold(delegator);
+            File tmpUploadRepository = UtilHttp.getTmpUploadRepository(delegator);
+
+            ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+            upload.setSizeMax(maxUploadSize);
             List<FileItem> lst = null;
             try {
-                lst = UtilGenerics.cast(dfu.parseRequest(request));
+                lst = UtilGenerics.cast(upload.parseRequest(request));
             } catch (FileUploadException e4) {
                 request.setAttribute("_ERROR_MESSAGE_", e4.getMessage());
                 Debug.logError("[UploadContentAndImage.uploadContentAndImage] " + e4.getMessage(), MODULE);
@@ -188,7 +193,7 @@ public static String uploadContentAndImage(HttpServletRequest request, HttpServl
 
             if (UtilValidate.isEmpty(ftlContentId)) {
                 ftlContentId = passedContentId;
-            }   
+            }
 
             String ftlDataResourceId = drid;
 
@@ -335,11 +340,18 @@ public static String uploadContentStuff(HttpServletRequest request, HttpServletR
         try {
             HttpSession session = request.getSession();
             GenericValue userLogin = (GenericValue)session.getAttribute("userLogin");
+            Delegator delegator = (Delegator)request.getAttribute("delegator");
+
+            long maxUploadSize = UtilHttp.getMaxUploadSize(delegator);
+            int sizeThreshold = UtilHttp.getSizeThreshold(delegator);
+            File tmpUploadRepository = UtilHttp.getTmpUploadRepository(delegator);
+
+            ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+            upload.setSizeMax(maxUploadSize);
 
-            ServletFileUpload dfu = new ServletFileUpload(new DiskFileItemFactory(10240, FileUtil.getFile("runtime/tmp")));
             List<FileItem> lst = null;
             try {
-                lst = UtilGenerics.cast(dfu.parseRequest(request));
+                lst = UtilGenerics.cast(upload.parseRequest(request));
             } catch (FileUploadException e4) {
                 request.setAttribute("_ERROR_MESSAGE_", e4.getMessage());
                 Debug.logError("[UploadContentAndImage.uploadContentAndImage] " + e4.getMessage(), MODULE);

applications/content/src/main/java/org/apache/ofbiz/content/layout/LayoutWorker.java

@@ -36,6 +36,7 @@
 import org.apache.ofbiz.base.util.UtilMisc;
 import org.apache.ofbiz.base.util.UtilProperties;
 import org.apache.ofbiz.base.util.UtilValidate;
+import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.service.ServiceUtil;
 
 /**
@@ -59,10 +60,19 @@ public static Map<String, Object> uploadImageAndParameters(HttpServletRequest re
         Map<String, Object> results = new HashMap<>();
         Map<String, String> formInput = new HashMap<>();
         results.put("formInput", formInput);
-        ServletFileUpload fu = new ServletFileUpload(new DiskFileItemFactory(10240, new File(new File("runtime"), "tmp")));
+
+        Delegator delegator = (Delegator)request.getAttribute("delegator");
+
+        long maxUploadSize = UtilHttp.getMaxUploadSize(delegator);
+        int sizeThreshold = UtilHttp.getSizeThreshold(delegator);
+        File tmpUploadRepository = UtilHttp.getTmpUploadRepository(delegator);
+
+        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+        upload.setSizeMax(maxUploadSize);
+
         List<FileItem> lst = null;
         try {
-           lst = UtilGenerics.cast(fu.parseRequest(request));
+           lst = UtilGenerics.cast(upload.parseRequest(request));
         } catch (FileUploadException e4) {
             return ServiceUtil.returnError(e4.getMessage());
         }
@@ -98,7 +108,7 @@ public static Map<String, Object> uploadImageAndParameters(HttpServletRequest re
         }
 
         if (imageFi == null) {
-            String errMsg = UtilProperties.getMessage(err_resource, 
+            String errMsg = UtilProperties.getMessage(err_resource,
                     "layoutEvents.image_null", UtilMisc.toMap("imageFi", imageFi), locale);
             request.setAttribute("_ERROR_MESSAGE_", errMsg);
             return null;

framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java

@@ -66,7 +66,6 @@
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.fileupload.servlet.ServletRequestContext;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
@@ -183,32 +182,16 @@ public static Map<String, Object> getMultiPartParameterMap(HttpServletRequest re
         HttpSession session = request.getSession();
         boolean isMultiPart = ServletFileUpload.isMultipartContent(request);
         if (isMultiPart) {
-            // get the http upload configuration
-            String maxSizeStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.size", "-1", delegator);
-            long maxUploadSize = -1;
-            try {
-                maxUploadSize = Long.parseLong(maxSizeStr);
-            } catch (NumberFormatException e) {
-                Debug.logError(e, "Unable to obtain the max upload size from general.properties; using default -1", MODULE);
-                maxUploadSize = -1;
-            }
-            // get the http size threshold configuration - files bigger than this will be
-            // temporarly stored on disk during upload
-            String sizeThresholdStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.sizethreshold", "10240", delegator);
-            int sizeThreshold = 10240; // 10K
-            try {
-                sizeThreshold = Integer.parseInt(sizeThresholdStr);
-            } catch (NumberFormatException e) {
-                Debug.logError(e, "Unable to obtain the threshold size from general.properties; using default 10K", MODULE);
-                sizeThreshold = -1;
-            }
-            // directory used to temporarily store files that are larger than the configured size threshold
-            String tmpUploadRepository = EntityUtilProperties.getPropertyValue("general", "http.upload.tmprepository", "runtime/tmp", delegator);
+            long maxUploadSize = getMaxUploadSize(delegator);
+            int sizeThreshold = getSizeThreshold(delegator);
+            File tmpUploadRepository = getTmpUploadRepository(delegator);
+
             String encoding = request.getCharacterEncoding();
             // check for multipart content types which may have uploaded items
 
-            ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, new File(tmpUploadRepository)));
-
+            ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(sizeThreshold, tmpUploadRepository));
+            upload.setSizeMax(maxUploadSize);
+
             // create the progress listener and add it to the session
             FileUploadProgressListener listener = new FileUploadProgressListener();
             upload.setProgressListener(listener);
@@ -217,7 +200,6 @@ public static Map<String, Object> getMultiPartParameterMap(HttpServletRequest re
             if (encoding != null) {
                 upload.setHeaderEncoding(encoding);
             }
-            upload.setSizeMax(maxUploadSize);
 
             List<FileItem> uploadedItems = null;
             try {
@@ -288,6 +270,53 @@ public static Map<String, Object> getMultiPartParameterMap(HttpServletRequest re
         return multiPartMap;
     }
 
+    /**
+     * @param delegator
+     * @return maxUploadSize
+     */
+    public static long getMaxUploadSize(Delegator delegator) {
+        // get the HTTP upload configuration
+        String maxSizeStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.size", "-1", delegator);
+        long maxUploadSize = -1;
+        try {
+            maxUploadSize = Long.parseLong(maxSizeStr);
+        } catch (NumberFormatException e) {
+            Debug.logError(e, "Unable to obtain the max upload size from general.properties; using default -1", MODULE);
+            maxUploadSize = -1;
+        }
+        return maxUploadSize;
+    }
+
+    /**
+     * @param delegator
+     * @return sizeThreshold
+     */
+    public static int getSizeThreshold(Delegator delegator) {
+        // get the HTTP size threshold configuration - files bigger than this will be
+        // temporarily stored on disk during upload
+        String sizeThresholdStr = EntityUtilProperties.getPropertyValue("general", "http.upload.max.sizethreshold",
+                "10240", delegator);
+        int sizeThreshold = 10240; // 10K
+        try {
+            sizeThreshold = Integer.parseInt(sizeThresholdStr);
+        } catch (NumberFormatException e) {
+            Debug.logError(e, "Unable to obtain the threshold size from general.properties; using default 10K", MODULE);
+            sizeThreshold = -1;
+        }
+        return sizeThreshold;
+    }
+
+    /**
+     * @param delegator
+     * @return tmpUploadRepository
+     */
+    public static File getTmpUploadRepository(Delegator delegator) {
+        // directory used to temporarily store files that are larger than the configured size threshold
+        String tmpUploadRepository = EntityUtilProperties.getPropertyValue("general", "http.upload.tmprepository",
+                "runtime/tmp", delegator);
+        return new File(tmpUploadRepository);
+    }
+
     public static Map<String, Object> getQueryStringOnlyParameterMap(String queryString) {
         Map<String, Object> paramMap = new HashMap<>();
         if (UtilValidate.isNotEmpty(queryString)) {
@@ -650,7 +679,7 @@ public static String getApplicationName(HttpServletRequest request) {
         if (request.getContextPath().length() > 1) {
             appName = request.getContextPath().substring(1);
         }
-        // When you set a mountpoint which contains a slash inside its name (ie not only a slash as a trailer, which is possible), 
+        // When you set a mountpoint which contains a slash inside its name (ie not only a slash as a trailer, which is possible),
         // as it's needed with OFBIZ-10765, OFBiz tries to create a cookie with a slash in its name and that's impossible.
         return appName.replaceAll("/","_");
     }
@@ -1117,18 +1146,18 @@ public static void setResponseBrowserDefaultSecurityHeaders(HttpServletResponse
             }
         }
 
-        /** The only x-content-type-options defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. 
+        /** The only x-content-type-options defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
          This also applies to Google Chrome, when downloading extensions. */
         resp.addHeader("x-content-type-options", "nosniff");
 
-         /** This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. 
-         It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. 
+         /** This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
+         It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.
          This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. Its unknown if that version honored this header.
          FireFox has still an open bug entry and "offers" only the noscript plugin
-         https://wiki.mozilla.org/Security/Features/XSS_Filter 
+         https://wiki.mozilla.org/Security/Features/XSS_Filter
          https://bugzilla.mozilla.org/show_bug.cgi?id=528661
          **/
-        resp.addHeader("X-XSS-Protection","1; mode=block"); 
+        resp.addHeader("X-XSS-Protection","1; mode=block");
 
         resp.setHeader("Referrer-Policy", "no-referrer-when-downgrade"); // This is the default (in Firefox at least)