struts2-secure-jakarta-multipart-parser-plugin/src/main/java/org/apache/struts/extras/SecureJakartaMultipartParser.java - struts-extras - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *  http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.struts.extras;

 import com.opensymphony.xwork2.LocaleProvider;
 import com.opensymphony.xwork2.inject.Inject;
 import com.opensymphony.xwork2.util.LocalizedTextUtil;
 import com.opensymphony.xwork2.util.logging.Logger;
 import com.opensymphony.xwork2.util.logging.LoggerFactory;
 import org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest;

 import java.util.Locale;

 public class SecureJakartaMultipartParser extends JakartaMultiPartRequest {

     private static final Logger LOG = LoggerFactory.getLogger(SecureJakartaMultipartParser.class);

     private Locale defaultLocale;

     public SecureJakartaMultipartParser() {
         LOG.info("This is a secure implementation of the Struts Jakarta Multipart parser, " +
                 "this implementation is safe against vulnerability described in the S2-045/S2-046 Security Bulletins.");
     }

     @Inject
     public void setLocaleProvider(LocaleProvider provider) {
         defaultLocale = provider.getLocale();
     }

     protected String buildErrorMessage(Throwable e, Object[] args) {
         String errorKey = "struts.messages.upload.error." + e.getClass().getSimpleName();

         if (LOG.isDebugEnabled()) {
             LOG.debug("Preparing error message for key: [#0]", errorKey);
         }

         if (LocalizedTextUtil.findText(this.getClass(), errorKey, defaultLocale, null, new Object[0]) == null) {
             return LocalizedTextUtil.findText(this.getClass(), "struts.messages.error.uploading", defaultLocale, null, new Object[] { e.getMessage() });
         } else {
             return LocalizedTextUtil.findText(this.getClass(), errorKey, defaultLocale, null, args);
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.struts.extras;

	import com.opensymphony.xwork2.LocaleProvider;
	import com.opensymphony.xwork2.inject.Inject;
	import com.opensymphony.xwork2.util.LocalizedTextUtil;
	import com.opensymphony.xwork2.util.logging.Logger;
	import com.opensymphony.xwork2.util.logging.LoggerFactory;
	import org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest;

	import java.util.Locale;

	public class SecureJakartaMultipartParser extends JakartaMultiPartRequest {

	private static final Logger LOG = LoggerFactory.getLogger(SecureJakartaMultipartParser.class);

	private Locale defaultLocale;

	public SecureJakartaMultipartParser() {
	LOG.info("This is a secure implementation of the Struts Jakarta Multipart parser, " +
	"this implementation is safe against vulnerability described in the S2-045/S2-046 Security Bulletins.");
	}

	@Inject
	public void setLocaleProvider(LocaleProvider provider) {
	defaultLocale = provider.getLocale();
	}

	protected String buildErrorMessage(Throwable e, Object[] args) {
	String errorKey = "struts.messages.upload.error." + e.getClass().getSimpleName();

	if (LOG.isDebugEnabled()) {
	LOG.debug("Preparing error message for key: [#0]", errorKey);
	}

	if (LocalizedTextUtil.findText(this.getClass(), errorKey, defaultLocale, null, new Object[0]) == null) {
	return LocalizedTextUtil.findText(this.getClass(), "struts.messages.error.uploading", defaultLocale, null, new Object[] { e.getMessage() });
	} else {
	return LocalizedTextUtil.findText(this.getClass(), errorKey, defaultLocale, null, args);
	}
	}
	}