Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HiddenHttpMethodFilter may disturb error rendering when handling malformed multipart request [SPR-15179] #19745

spring-projects-issues opened this issue Jan 23, 2017 · 0 comments
in: web type: bug


Copy link

@spring-projects-issues spring-projects-issues commented Jan 23, 2017

Andy Wilkinson opened SPR-15179 and commented

When HiddenHttpMethodFilter is involved in an error dispatch it may disturb error rendering if the error was caused by a failure when calling request.getParameter(String). In the case of the referenced Spring Boot issue, the failure is caused by a malformed multipart request.

The problem can be worked around by provided a custom filter that doesn't do anything when the javax.servlet.error.exception attribute is set:

public OrderedHiddenHttpMethodFilter hiddenHttpMethodFilter() {
    return new OrderedHiddenHttpMethodFilter() {

        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            if (request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) != null) {
                filterChain.doFilter(request, response);
            else {
                super.doFilterInternal(request, response, filterChain);


This may be a bit too extreme, but I think it would be helpful if the filter did something similar by default.

Affects: 4.3.5

Reference URL: spring-projects/spring-boot#7936

Issue Links:

  • #19744 DispatcherServet.checkMultipart() does not consider javax.servlet.error.exception that has a MultipartException cause
  • #19748 CookieLocaleResolver may disturb error rendering when locale cookie has a malformed value
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
in: web type: bug
None yet

No branches or pull requests

2 participants