In JFinal , the upload function getFile() handle uploading files in this way :
1、handle upload request and upload all of the files in request without any safety precautions.
2、then judge the upload files and delete the dangerous files by isSafeFile() function.
However, if I can try to create a exception which happened after upload and before isSafeFile() function , the dangerous files will upload to the server successfully.
So, I make a request like this
In my code , I just accept file param like getFile("file","test") ,However I send a request which have two params("file" and "batchId") , the code will upload jsp file to the server and stop running before isSafeFile() function, since the code will catch an exception "java.io.IOException: Content disposition corrupt: Content-Disposition: form-data: name="batchId"" .
The text was updated successfully, but these errors were encountered:
In JFinal , the upload function getFile() handle uploading files in this way :
1、handle upload request and upload all of the files in request without any safety precautions.
2、then judge the upload files and delete the dangerous files by isSafeFile() function.
However, if I can try to create a exception which happened after upload and before isSafeFile() function , the dangerous files will upload to the server successfully.
So, I make a request like this

In my code , I just accept file param like getFile("file","test") ,However I send a request which have two params("file" and "batchId") , the code will upload jsp file to the server and stop running before isSafeFile() function, since the code will catch an exception "java.io.IOException: Content disposition corrupt: Content-Disposition: form-data: name="batchId"" .
The text was updated successfully, but these errors were encountered: