auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/19/2002 - 05:20 |
http://61.144.28.245/hjc/mycgi/bbs/topic.cgi?forum=34&topic=212&show=0
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/19/2002 - 09:27 |
这个问题真的是websphere 的
huge,huge,huge,huge
bug, bug, bug, bug, bug
huge,huge,huge,huge
bug, bug, bug, bug, bug
huge,huge,huge,huge
bug, bug, bug, bug, bug
|
| |
guoww
初级会员
贴子数量 : 79
注册日期 : 4/25/2002 在线情况 : 离线
|
发表于: 6/19/2002 - 10:21 |
能否看看你的代码?
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/19/2002 - 12:31 |
/////////////////////////upload.htm//////////////////////////////////
<HTML>
<HEAD>
<TITLE>upload file </TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<form method="post" action="/upload.jsp" enctype="multipart/form-data">
File Name:<INPUT TYPE="file" NAME="file"><br>
<INPUT TYPE="reset"> <INPUT TYPE="submit" value="上传文件">
</form>
</BODY>
</HTML>
/////////////////////////upload.jsp//////////////////////////////////
<%@ page import="java.io.*" %>
<HTML>
<HEAD>
<TITLE>New Document</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<%
try
{
////用DataInputStream.readFully(dataBytes)的方式读取输入流
FileOutputStream fileOut=new FileOutputStream("c:\\temp\\temp12.txt");
DataInputStream din=new DataInputStream(request.getInputStream());
int formDataLength=request.getContentLength();
byte dataBytes[]=new byte[formDataLength];
int num=din.skipBytes(10);
out.print("num "+num+"<br>");
//由DataInputStream形成dataBytes
din.readFully(dataBytes,0,formDataLength-10);
//写文件
fileOut.write(dataBytes);
fileOut.close();
din.close();
//din.readByte(dataBytes);
out.print(new String(dataBytes));
out.println("succed");
}
catch(Exception fe)
{
out.println("failure"+" "+fe.toString());
}
%>
</BODY>
</HTML>
|
| |
jivetalkin
新手上路
贴子数量 : 3
注册日期 : 6/8/2002 在线情况 : 离线
|
 发表于: 6/20/2002 - 02:36 |
according to my experience, the code is not correct. I don't think WAS would have any problem uploading file.
|
| |
guoww
初级会员
贴子数量 : 79
注册日期 : 4/25/2002 在线情况 : 离线
|
发表于: 6/20/2002 - 05:54 |
早在WAS3.02时代,上传文件,就可以用几M了。但,时间太久了,我想不起代码如何写了。但我可以保证,WAS没有这个bug.
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/20/2002 - 06:35 |
不管你们怎么维护,你们应该试一下。
看看这个打印的内容,
DataInputStream din=new DataInputStream(request.getInputStream());
byte dataBytes[]=new byte[formDataLength];
//由DataInputStream形成dataBytes
din.readFully(dataBytes,0,formDataLength);
out.print(new String(dataBytes));
嘿嘿,你就知道他传过来的是什么东东了。
还有,不仅仅是传文件,普通表单输入元素 ,传的也是一样。
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/20/2002 - 06:39 |
有谁成功的话,欢迎指出我们的出错,
//////////////////////////
DataInputStream din=new DataInputStream(request.getInputStream());
int formDataLength=request.getContentLength();
byte dataBytes[]=new byte[formDataLength];
//由DataInputStream形成dataBytes
din.readFully(dataBytes,0,formDataLength);
out.print(new String(dataBytes));
///////////////////////////
|
| |
guoww
初级会员
贴子数量 : 79
注册日期 : 4/25/2002 在线情况 : 离线
|
发表于: 6/21/2002 - 09:05 |
首先,我保证可以上传很大的文件。
你的错误:
1。没有分析HTTP请求,没有将真正上传文件从其中分离出来。而是,统统把它们,都打出来。我已经看了你的代码。
2。在I/O操作是很消耗资源的,你用的是“din.readFully(dataBytes,0,formDataLength-10); "
建议用readLine()
3。要用buffer的想法。
不信:
你就试试:你按你的方法,只写一个类,不做上传,就坐本地I/O大文件复制。
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/23/2002 - 13:48 |
其实我这段代码的真正目的,是在显示服务器请求的内容是什么,还没有真正分析里面的内容,但是,我们在实际当中确实是发现了上传的混乱。
我冷静的思考过,估计问题是在确定长度的时候:
int formDataLength=request.getContentLength();
如果不是这样处理的话,需要如何处理?
|
| |
zycczwf
新手上路
贴子数量 : 28
注册日期 : 5/20/2002 在线情况 : 离线
|
发表于: 6/24/2002 - 05:05 |
你这样肯定把页面的请求信息头也都得到了。
我们做这方面功能的时候,用到了apache免费的一个前端控制工具包,你可以找找这方面的资源。
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/25/2002 - 04:17 |
apache免费的一个前端控制工具包?
怎样的名字,可以告知吗?
|
| |
guoww
初级会员
贴子数量 : 79
注册日期 : 4/25/2002 在线情况 : 离线
|
发表于: 6/25/2002 - 09:04 |
部分代码,仅供参考,可传几M的附件;//
// IRMultiDataFormParser constructor
//
// is - input stream
// streamSize - size of the input stream
//
public IRMultiDataFormParser(ServletInputStream is, int streamSize) throws IRException {
IRException irException = new IRException();
FileOutputStream fileOut = null;
StringBuffer sBuf = new StringBuffer();
byte[] bBuf = new byte[BUF_SIZE];
File aFile;
String dataSeparator;
String parameterName = "";
String parameterValue = "";
String parameterContentType = "";
String parameterContent = "";
String workingDir, workingFile, aLine;
boolean contentNotParse = true, noContentType;
Integer parameterContentSize;
int byteRead = 0, totalBytes = 0;
int totalFileBytes;
int i;
Random oFileName = new Random();
/* the first line is always the data separator */
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
// store data separator
aLine = new String(bBuf, 0, byteRead);
dataSeparator = aLine;
while (streamSize > totalBytes) {
// this must be the Content-Disposition where name and filename
// of parameter can be retrieved
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
aLine = null;
aLine = new String(bBuf, 0, byteRead);
if (byteRead > NAME_STRING.length()) {
if ((aLine.substring(0, NAME_STRING.length())).equals(NAME_STRING)) {
// store the parameter name
parameterName = aLine.substring(NAME_STRING.length(), aLine.indexOf("\"", NAME_STRING.length() + 1));
parameterNames.addElement(parameterName);
// store the parameter filename when the field contains a file
if (parameterName.equals(FILE_STRING)) {
parameterValue = aLine.substring(aLine.indexOf(FILENAME_STRING) + FILENAME_STRING.length(), aLine.indexOf("\"", aLine.indexOf(FILENAME_STRING) + FILENAME_STRING.length()));
parameterValues.addElement(parameterValue);
upLoadedFileName = parameterValue;
}
} else {
// data in input stream is corrupted
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + CORRUPTED_INPUT_STREAM + aLine);
throw irException;
}
}
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
// this must either be a blank line or the Content-Type if
// the section contains a file information
if (parameterName.equals(FILE_STRING)) {
noContentType = true;
// the blank line is not found
while (byteRead != 2) {
if (byteRead > CONTENT_TYPE_STRING.length()) {
aLine = null;
aLine = new String(bBuf, 0, byteRead);
if ((aLine.substring(0, CONTENT_TYPE_STRING.length())).equals(CONTENT_TYPE_STRING)) {
parameterContentType = aLine.substring(CONTENT_TYPE_STRING.length(), aLine.length());
parameterContentType = parameterContentType.trim();
parameterContentTypes.addElement(parameterContentType);
noContentType = false;
}
// read the next blank line
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
}
}
// this must be the blank line
if (noContentType) {
// set content type of this field to null
parameterContentTypes.addElement(null);
}
// file exists
if (parameterValue.length() > 0) {
// construct the full path filename
/*workingDir = IRCommon.workingDir;
if (workingDir.equals(null))
{
workingDir = "";
}*/
// If working dir does not exist, then create it **RC**
workingDir = "c:\\temp";
;
File dir = new File(workingDir); //???workingDir);
if (dir.isFile()) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + WORKING_DIR_IS_FILE);
throw irException;
} else
if (!dir.exists()) {
if (!dir.mkdirs()) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + WORKING_DIR_CREATE_ERROR);
throw irException;
}
}
// generate a filename that is not found in the working directory
/*
do
{
workingFile = oFileName.nextLong() + "";
parameterContent = workingDir + "\\" + workingFile;
// check whether the file already exists
aFile = null;
aFile = new File (workingDir, workingFile);
} while (aFile.exists());
*/
try {
//fileOut = new FileOutputStream(parameterContent);
/*String tmpFile = upLoadedFileName.substring(
upLoadedFileName.lastIndexOf("\\")+1,
upLoadedFileName.length());*/
String tmpFile = getParameter("targetFileName");
if (tmpFile == null || tmpFile.equals("")) {
tmpFile = upLoadedFileName.substring(upLoadedFileName.lastIndexOf("\\") + 1, upLoadedFileName.length());
}
File tmp_file = new File(workingDir + "\\" + tmpFile);
if (getParameter("OveriteOption") == null)
if (tmp_file.exists()) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + "File has exitsd! Please change name!");
throw irException;
}
fileOut = new FileOutputStream(workingDir + "\\" + tmpFile);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + FILE_OUTPUT_STREAM_IOEXCEPTION);
throw irException;
}
totalFileBytes = 0;
do {
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
totalFileBytes += byteRead;
aLine = null;
aLine = new String(bBuf, 0,0, byteRead);
if (aLine.length() == dataSeparator.length()) {
if (aLine.equals(dataSeparator)) {
try {
fileOut.close();
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + CLOSE_IOEXCEPTION);
throw irException;
}
parameterContents.addElement(parameterContent);
parameterContentSize = null;
totalFileBytes -= byteRead;
parameterContentSize = new Integer(totalFileBytes);
parameterContentSizes.addElement(parameterContentSize);
contentNotParse = false;
}
} else
if (aLine.length() > dataSeparator.length()) {
if (aLine.substring(0, dataSeparator.length() - 2).equals(dataSeparator.substring(0, dataSeparator.length() - 2))) {
try {
fileOut.close();
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + CLOSE_IOEXCEPTION);
throw irException;
}
parameterContents.addElement(parameterContent);
parameterContentSize = null;
totalFileBytes -= byteRead;
parameterContentSize = new Integer(totalFileBytes);
parameterContentSizes.addElement(parameterContentSize);
contentNotParse = false;
}
}
if (contentNotParse == true) {
try {
fileOut.write(bBuf, 0, byteRead);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + WRITE_IOEXCEPTION);
throw irException;
}
}
} while (contentNotParse); // end of do while (contentNotParse)
contentNotParse = true;
} else
// file does not exist
{
// set content of this field to null and the size to zero
parameterContents.addElement(null);
parameterContentSize = null;
parameterContentSize = new Integer(0);
parameterContentSizes.addElement(parameterContentSize);
do {
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
aLine = null;
aLine = new String(bBuf, 0, byteRead);
if (aLine.length() == dataSeparator.length()) {
if (aLine.equals(dataSeparator)) {
contentNotParse = false;
}
} else
if (aLine.length() > dataSeparator.length()) {
if (aLine.substring(0, dataSeparator.length() - 2).equals(dataSeparator.substring(0, dataSeparator.length() - 2))) {
contentNotParse = false;
}
}
} while (contentNotParse); // end of do while (contentNotParse)
contentNotParse = true;
}
} else
// not a file field
{
// ignore the blank line
// set content type of this field to null
parameterContentTypes.addElement(null);
// set content of this field to null and the size to zero
parameterContents.addElement(null);
parameterContentSize = null;
parameterContentSize = new Integer(0);
parameterContentSizes.addElement(parameterContentSize);
// obtain the parameter value of the parameter name
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
aLine = null;
aLine = new String(bBuf, 0, byteRead);
parameterValue = aLine.substring(0, aLine.length() - 2);
parameterValues.addElement(parameterValue);
// this is the data separator again
try {
byteRead = is.readLine(bBuf, 0, BUF_SIZE);
} catch (IOException e) {
irException.addMsg(M_IR_MULTI_DATA_FORM_PARSER + READLINE_IOEXCEPTION);
throw irException;
}
totalBytes += byteRead;
}
} // end while (streamSize > totalBytes)
} // end of IRMultiDataFormParser()
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/26/2002 - 14:02 |
请 guoww 关注一下我们在chinajavaworld上的讨论:
http://61.144.28.245/hjc/mycgi/bbs/topic.cgi?forum=34&topic=212&show=0
http://61.144.28.245/hjc/mycgi/bbs/topic.cgi?forum=34&topic=97
得出来的结论是:
was4.0确实有这样的漏洞,只不过,有可以补救的方法而已。
|
| |
auto163
新手上路
贴子数量 : 28
注册日期 : 6/19/2002 在线情况 : 离线
|
发表于: 6/26/2002 - 14:04 |
同时,那些分解数据的方法也找到了,不过还得谢谢你这么长时间的关注。
|
| |
