1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.util;
20
21 import java.io.BufferedInputStream;
22 import java.io.BufferedOutputStream;
23 import java.io.ByteArrayInputStream;
24 import java.io.ByteArrayOutputStream;
25 import java.io.File;
26 import java.io.FileInputStream;
27 import java.io.FileOutputStream;
28 import java.io.FilterInputStream;
29 import java.io.IOException;
30 import java.io.InputStream;
31 import java.io.OutputStream;
32 import java.nio.charset.StandardCharsets;
33 import java.util.ArrayList;
34 import java.util.Collection;
35 import java.util.Collections;
36 import java.util.List;
37 import java.util.Locale;
38
39 import javax.servlet.MultipartConfigElement;
40 import javax.servlet.ServletException;
41 import javax.servlet.http.Part;
42
43 import org.eclipse.jetty.util.log.Log;
44 import org.eclipse.jetty.util.log.Logger;
45
46
47
48
49
50
51
52
53 public class MultiPartInputStreamParser
54 {
55 private static final Logger LOG = Log.getLogger(MultiPartInputStreamParser.class);
56 public static final MultipartConfigElement __DEFAULT_MULTIPART_CONFIG = new MultipartConfigElement(System.getProperty("java.io.tmpdir"));
57 protected InputStream _in;
58 protected MultipartConfigElement _config;
59 protected String _contentType;
60 protected MultiMap _parts;
61 protected File _tmpDir;
62 protected File _contextTmpDir;
63 protected boolean _deleteOnExit;
64
65
66
67 public class MultiPart implements Part
68 {
69 protected String _name;
70 protected String _filename;
71 protected File _file;
72 protected OutputStream _out;
73 protected ByteArrayOutputStream2 _bout;
74 protected String _contentType;
75 protected MultiMap _headers;
76 protected long _size = 0;
77 protected boolean _temporary = true;
78
79 public MultiPart (String name, String filename)
80 throws IOException
81 {
82 _name = name;
83 _filename = filename;
84 }
85
86 protected void setContentType (String contentType)
87 {
88 _contentType = contentType;
89 }
90
91
92 protected void open()
93 throws IOException
94 {
95
96
97
98 if (_filename != null && _filename.trim().length() > 0)
99 {
100 createFile();
101 }
102 else
103 {
104
105
106 _out = _bout= new ByteArrayOutputStream2();
107 }
108 }
109
110 protected void close()
111 throws IOException
112 {
113 _out.close();
114 }
115
116
117 protected void write (int b)
118 throws IOException
119 {
120 if (MultiPartInputStreamParser.this._config.getMaxFileSize() > 0 && _size + 1 > MultiPartInputStreamParser.this._config.getMaxFileSize())
121 throw new IllegalStateException ("Multipart Mime part "+_name+" exceeds max filesize");
122
123 if (MultiPartInputStreamParser.this._config.getFileSizeThreshold() > 0 && _size + 1 > MultiPartInputStreamParser.this._config.getFileSizeThreshold() && _file==null)
124 createFile();
125 _out.write(b);
126 _size ++;
127 }
128
129 protected void write (byte[] bytes, int offset, int length)
130 throws IOException
131 {
132 if (MultiPartInputStreamParser.this._config.getMaxFileSize() > 0 && _size + length > MultiPartInputStreamParser.this._config.getMaxFileSize())
133 throw new IllegalStateException ("Multipart Mime part "+_name+" exceeds max filesize");
134
135 if (MultiPartInputStreamParser.this._config.getFileSizeThreshold() > 0 && _size + length > MultiPartInputStreamParser.this._config.getFileSizeThreshold() && _file==null)
136 createFile();
137
138 _out.write(bytes, offset, length);
139 _size += length;
140 }
141
142 protected void createFile ()
143 throws IOException
144 {
145 _file = File.createTempFile("MultiPart", "", MultiPartInputStreamParser.this._tmpDir);
146 if (_deleteOnExit)
147 _file.deleteOnExit();
148 FileOutputStream fos = new FileOutputStream(_file);
149 BufferedOutputStream bos = new BufferedOutputStream(fos);
150
151 if (_size > 0 && _out != null)
152 {
153
154 _out.flush();
155 _bout.writeTo(bos);
156 _out.close();
157 _bout = null;
158 }
159 _out = bos;
160 }
161
162
163
164 protected void setHeaders(MultiMap headers)
165 {
166 _headers = headers;
167 }
168
169
170
171
172 public String getContentType()
173 {
174 return _contentType;
175 }
176
177
178
179
180 public String getHeader(String name)
181 {
182 if (name == null)
183 return null;
184 return (String)_headers.getValue(name.toLowerCase(Locale.ENGLISH), 0);
185 }
186
187
188
189
190 public Collection<String> getHeaderNames()
191 {
192 return _headers.keySet();
193 }
194
195
196
197
198 public Collection<String> getHeaders(String name)
199 {
200 return _headers.getValues(name);
201 }
202
203
204
205
206 public InputStream getInputStream() throws IOException
207 {
208 if (_file != null)
209 {
210
211 return new BufferedInputStream (new FileInputStream(_file));
212 }
213 else
214 {
215
216 return new ByteArrayInputStream(_bout.getBuf(),0,_bout.size());
217 }
218 }
219
220 public byte[] getBytes()
221 {
222 if (_bout!=null)
223 return _bout.toByteArray();
224 return null;
225 }
226
227
228
229
230 public String getName()
231 {
232 return _name;
233 }
234
235
236
237
238 public long getSize()
239 {
240 return _size;
241 }
242
243
244
245
246 public void write(String fileName) throws IOException
247 {
248 if (_file == null)
249 {
250 _temporary = false;
251
252
253 _file = new File (_tmpDir, fileName);
254
255 BufferedOutputStream bos = null;
256 try
257 {
258 bos = new BufferedOutputStream(new FileOutputStream(_file));
259 _bout.writeTo(bos);
260 bos.flush();
261 }
262 finally
263 {
264 if (bos != null)
265 bos.close();
266 _bout = null;
267 }
268 }
269 else
270 {
271
272 _temporary = false;
273
274 File f = new File(_tmpDir, fileName);
275 if (_file.renameTo(f))
276 _file = f;
277 }
278 }
279
280
281
282
283
284
285 public void delete() throws IOException
286 {
287 if (_file != null && _file.exists())
288 _file.delete();
289 }
290
291
292
293
294
295
296 public void cleanUp() throws IOException
297 {
298 if (_temporary && _file != null && _file.exists())
299 _file.delete();
300 }
301
302
303
304
305
306
307 public File getFile ()
308 {
309 return _file;
310 }
311
312
313
314
315
316
317 public String getContentDispositionFilename ()
318 {
319 return _filename;
320 }
321 }
322
323
324
325
326
327
328
329
330
331
332 public MultiPartInputStreamParser (InputStream in, String contentType, MultipartConfigElement config, File contextTmpDir)
333 {
334 _in = new ReadLineInputStream(in);
335 _contentType = contentType;
336 _config = config;
337 _contextTmpDir = contextTmpDir;
338 if (_contextTmpDir == null)
339 _contextTmpDir = new File (System.getProperty("java.io.tmpdir"));
340
341 if (_config == null)
342 _config = new MultipartConfigElement(_contextTmpDir.getAbsolutePath());
343 }
344
345
346
347
348
349
350 public Collection<Part> getParsedParts()
351 {
352 if (_parts == null)
353 return Collections.emptyList();
354
355 Collection<Object> values = _parts.values();
356 List<Part> parts = new ArrayList<Part>();
357 for (Object o: values)
358 {
359 List<Part> asList = LazyList.getList(o, false);
360 parts.addAll(asList);
361 }
362 return parts;
363 }
364
365
366
367
368
369
370 public void deleteParts ()
371 throws MultiException
372 {
373 Collection<Part> parts = getParsedParts();
374 MultiException err = new MultiException();
375 for (Part p:parts)
376 {
377 try
378 {
379 ((MultiPartInputStreamParser.MultiPart)p).cleanUp();
380 }
381 catch(Exception e)
382 {
383 err.add(e);
384 }
385 }
386 _parts.clear();
387
388 err.ifExceptionThrowMulti();
389 }
390
391
392
393
394
395
396
397
398
399 public Collection<Part> getParts()
400 throws IOException, ServletException
401 {
402 parse();
403 Collection<Object> values = _parts.values();
404 List<Part> parts = new ArrayList<Part>();
405 for (Object o: values)
406 {
407 List<Part> asList = LazyList.getList(o, false);
408 parts.addAll(asList);
409 }
410 return parts;
411 }
412
413
414
415
416
417
418
419
420
421
422 public Part getPart(String name)
423 throws IOException, ServletException
424 {
425 parse();
426 return (Part)_parts.getValue(name, 0);
427 }
428
429
430
431
432
433
434
435
436 protected void parse ()
437 throws IOException, ServletException
438 {
439
440 if (_parts != null)
441 return;
442
443
444 long total = 0;
445 _parts = new MultiMap();
446
447
448 if (_contentType == null || !_contentType.startsWith("multipart/form-data"))
449 return;
450
451
452
453 if (_config.getLocation() == null)
454 _tmpDir = _contextTmpDir;
455 else if ("".equals(_config.getLocation()))
456 _tmpDir = _contextTmpDir;
457 else
458 {
459 File f = new File (_config.getLocation());
460 if (f.isAbsolute())
461 _tmpDir = f;
462 else
463 _tmpDir = new File (_contextTmpDir, _config.getLocation());
464 }
465
466 if (!_tmpDir.exists())
467 _tmpDir.mkdirs();
468
469 String contentTypeBoundary = "";
470 int bstart = _contentType.indexOf("boundary=");
471 if (bstart >= 0)
472 {
473 int bend = _contentType.indexOf(";", bstart);
474 bend = (bend < 0? _contentType.length(): bend);
475 contentTypeBoundary = QuotedStringTokenizer.unquote(value(_contentType.substring(bstart,bend)).trim());
476 }
477
478 String boundary="--"+contentTypeBoundary;
479 byte[] byteBoundary=(boundary+"--").getBytes(StandardCharsets.ISO_8859_1);
480
481
482 String line = null;
483 try
484 {
485 line=((ReadLineInputStream)_in).readLine();
486 }
487 catch (IOException e)
488 {
489 LOG.warn("Badly formatted multipart request");
490 throw e;
491 }
492
493 if (line == null)
494 throw new IOException("Missing content for multipart request");
495
496 boolean badFormatLogged = false;
497 line=line.trim();
498 while (line != null && !line.equals(boundary))
499 {
500 if (!badFormatLogged)
501 {
502 LOG.warn("Badly formatted multipart request");
503 badFormatLogged = true;
504 }
505 line=((ReadLineInputStream)_in).readLine();
506 line=(line==null?line:line.trim());
507 }
508
509 if (line == null)
510 throw new IOException("Missing initial multi part boundary");
511
512
513 boolean lastPart=false;
514
515 outer:while(!lastPart)
516 {
517 String contentDisposition=null;
518 String contentType=null;
519 String contentTransferEncoding=null;
520
521 MultiMap headers = new MultiMap();
522 while(true)
523 {
524 line=((ReadLineInputStream)_in).readLine();
525
526
527 if(line==null)
528 break outer;
529
530
531 if("".equals(line))
532 break;
533
534 total += line.length();
535 if (_config.getMaxRequestSize() > 0 && total > _config.getMaxRequestSize())
536 throw new IllegalStateException ("Request exceeds maxRequestSize ("+_config.getMaxRequestSize()+")");
537
538
539 int c=line.indexOf(':',0);
540 if(c>0)
541 {
542 String key=line.substring(0,c).trim().toLowerCase(Locale.ENGLISH);
543 String value=line.substring(c+1,line.length()).trim();
544 headers.put(key, value);
545 if (key.equalsIgnoreCase("content-disposition"))
546 contentDisposition=value;
547 if (key.equalsIgnoreCase("content-type"))
548 contentType = value;
549 if(key.equals("content-transfer-encoding"))
550 contentTransferEncoding=value;
551 }
552 }
553
554
555 boolean form_data=false;
556 if(contentDisposition==null)
557 {
558 throw new IOException("Missing content-disposition");
559 }
560
561 QuotedStringTokenizer tok=new QuotedStringTokenizer(contentDisposition,";", false, true);
562 String name=null;
563 String filename=null;
564 while(tok.hasMoreTokens())
565 {
566 String t=tok.nextToken().trim();
567 String tl=t.toLowerCase(Locale.ENGLISH);
568 if(t.startsWith("form-data"))
569 form_data=true;
570 else if(tl.startsWith("name="))
571 name=value(t);
572 else if(tl.startsWith("filename="))
573 filename=filenameValue(t);
574 }
575
576
577 if(!form_data)
578 {
579 continue;
580 }
581
582
583
584
585
586 if(name==null)
587 {
588 continue;
589 }
590
591
592 MultiPart part = new MultiPart(name, filename);
593 part.setHeaders(headers);
594 part.setContentType(contentType);
595 _parts.add(name, part);
596 part.open();
597
598 InputStream partInput = null;
599 if ("base64".equalsIgnoreCase(contentTransferEncoding))
600 {
601 partInput = new Base64InputStream((ReadLineInputStream)_in);
602 }
603 else if ("quoted-printable".equalsIgnoreCase(contentTransferEncoding))
604 {
605 partInput = new FilterInputStream(_in)
606 {
607 @Override
608 public int read() throws IOException
609 {
610 int c = in.read();
611 if (c >= 0 && c == '=')
612 {
613 int hi = in.read();
614 int lo = in.read();
615 if (hi < 0 || lo < 0)
616 {
617 throw new IOException("Unexpected end to quoted-printable byte");
618 }
619 char[] chars = new char[] { (char)hi, (char)lo };
620 c = Integer.parseInt(new String(chars),16);
621 }
622 return c;
623 }
624 };
625 }
626 else
627 partInput = _in;
628
629
630 try
631 {
632 int state=-2;
633 int c;
634 boolean cr=false;
635 boolean lf=false;
636
637
638 while(true)
639 {
640 int b=0;
641 while((c=(state!=-2)?state:partInput.read())!=-1)
642 {
643 total ++;
644 if (_config.getMaxRequestSize() > 0 && total > _config.getMaxRequestSize())
645 throw new IllegalStateException("Request exceeds maxRequestSize ("+_config.getMaxRequestSize()+")");
646
647 state=-2;
648
649
650 if(c==13||c==10)
651 {
652 if(c==13)
653 {
654 partInput.mark(1);
655 int tmp=partInput.read();
656 if (tmp!=10)
657 partInput.reset();
658 else
659 state=tmp;
660 }
661 break;
662 }
663
664
665 if(b>=0&&b<byteBoundary.length&&c==byteBoundary[b])
666 {
667 b++;
668 }
669 else
670 {
671
672
673 if(cr)
674 part.write(13);
675
676 if(lf)
677 part.write(10);
678
679 cr=lf=false;
680 if(b>0)
681 part.write(byteBoundary,0,b);
682
683 b=-1;
684 part.write(c);
685 }
686 }
687
688
689 if((b>0&&b<byteBoundary.length-2)||(b==byteBoundary.length-1))
690 {
691 if(cr)
692 part.write(13);
693
694 if(lf)
695 part.write(10);
696
697 cr=lf=false;
698 part.write(byteBoundary,0,b);
699 b=-1;
700 }
701
702
703 if(b>0||c==-1)
704 {
705
706 if(b==byteBoundary.length)
707 lastPart=true;
708 if(state==10)
709 state=-2;
710 break;
711 }
712
713
714 if(cr)
715 part.write(13);
716
717 if(lf)
718 part.write(10);
719
720 cr=(c==13);
721 lf=(c==10||state==10);
722 if(state==10)
723 state=-2;
724 }
725 }
726 finally
727 {
728
729 part.close();
730 }
731 }
732 if (!lastPart)
733 throw new IOException("Incomplete parts");
734 }
735
736 public void setDeleteOnExit(boolean deleteOnExit)
737 {
738 _deleteOnExit = deleteOnExit;
739 }
740
741
742 public boolean isDeleteOnExit()
743 {
744 return _deleteOnExit;
745 }
746
747
748
749 private String value(String nameEqualsValue)
750 {
751 int idx = nameEqualsValue.indexOf('=');
752 String value = nameEqualsValue.substring(idx+1).trim();
753 return QuotedStringTokenizer.unquoteOnly(value);
754 }
755
756
757
758 private String filenameValue(String nameEqualsValue)
759 {
760 int idx = nameEqualsValue.indexOf('=');
761 String value = nameEqualsValue.substring(idx+1).trim();
762
763 if (value.matches(".??[a-z,A-Z]\\:\\\\[^\\\\].*"))
764 {
765
766
767 char first=value.charAt(0);
768 if (first=='"' || first=='\'')
769 value=value.substring(1);
770 char last=value.charAt(value.length()-1);
771 if (last=='"' || last=='\'')
772 value = value.substring(0,value.length()-1);
773
774 return value;
775 }
776 else
777
778
779
780
781 return QuotedStringTokenizer.unquoteOnly(value, true);
782 }
783
784
785
786 private static class Base64InputStream extends InputStream
787 {
788 ReadLineInputStream _in;
789 String _line;
790 byte[] _buffer;
791 int _pos;
792
793
794 public Base64InputStream(ReadLineInputStream rlis)
795 {
796 _in = rlis;
797 }
798
799 @Override
800 public int read() throws IOException
801 {
802 if (_buffer==null || _pos>= _buffer.length)
803 {
804
805
806
807
808 _line = _in.readLine();
809 if (_line==null)
810 return -1;
811 if (_line.startsWith("--"))
812 _buffer=(_line+"\r\n").getBytes();
813 else if (_line.length()==0)
814 _buffer="\r\n".getBytes();
815 else
816 {
817 ByteArrayOutputStream baos = new ByteArrayOutputStream((4*_line.length()/3)+2);
818 B64Code.decode(_line, baos);
819 baos.write(13);
820 baos.write(10);
821 _buffer = baos.toByteArray();
822 }
823
824 _pos=0;
825 }
826
827 return _buffer[_pos++];
828 }
829 }
830 }