1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.util;
20
21 import java.io.BufferedInputStream;
22 import java.io.BufferedOutputStream;
23 import java.io.ByteArrayInputStream;
24 import java.io.ByteArrayOutputStream;
25 import java.io.File;
26 import java.io.FileInputStream;
27 import java.io.FileOutputStream;
28 import java.io.FilterInputStream;
29 import java.io.IOException;
30 import java.io.InputStream;
31 import java.io.OutputStream;
32 import java.nio.charset.StandardCharsets;
33 import java.nio.file.Files;
34 import java.nio.file.Path;
35 import java.nio.file.StandardCopyOption;
36 import java.util.ArrayList;
37 import java.util.Collection;
38 import java.util.Collections;
39 import java.util.List;
40 import java.util.Locale;
41
42 import javax.servlet.MultipartConfigElement;
43 import javax.servlet.http.Part;
44
45 import org.eclipse.jetty.util.log.Log;
46 import org.eclipse.jetty.util.log.Logger;
47
48
49
50
51
52
53
54
55 public class MultiPartInputStreamParser
56 {
57 private static final Logger LOG = Log.getLogger(MultiPartInputStreamParser.class);
58 public static final MultipartConfigElement __DEFAULT_MULTIPART_CONFIG = new MultipartConfigElement(System.getProperty("java.io.tmpdir"));
59 protected InputStream _in;
60 protected MultipartConfigElement _config;
61 protected String _contentType;
62 protected MultiMap<Part> _parts;
63 protected File _tmpDir;
64 protected File _contextTmpDir;
65 protected boolean _deleteOnExit;
66
67
68
69 public class MultiPart implements Part
70 {
71 protected String _name;
72 protected String _filename;
73 protected File _file;
74 protected OutputStream _out;
75 protected ByteArrayOutputStream2 _bout;
76 protected String _contentType;
77 protected MultiMap<String> _headers;
78 protected long _size = 0;
79 protected boolean _temporary = true;
80
81 public MultiPart (String name, String filename)
82 throws IOException
83 {
84 _name = name;
85 _filename = filename;
86 }
87
88 protected void setContentType (String contentType)
89 {
90 _contentType = contentType;
91 }
92
93
94 protected void open()
95 throws IOException
96 {
97
98
99 _out = _bout= new ByteArrayOutputStream2();
100 }
101
102 protected void close()
103 throws IOException
104 {
105 _out.close();
106 }
107
108
109 protected void write (int b)
110 throws IOException
111 {
112 if (MultiPartInputStreamParser.this._config.getMaxFileSize() > 0 && _size + 1 > MultiPartInputStreamParser.this._config.getMaxFileSize())
113 throw new IllegalStateException ("Multipart Mime part "+_name+" exceeds max filesize");
114
115 if (MultiPartInputStreamParser.this._config.getFileSizeThreshold() > 0 && _size + 1 > MultiPartInputStreamParser.this._config.getFileSizeThreshold() && _file==null)
116 createFile();
117
118 _out.write(b);
119 _size ++;
120 }
121
122 protected void write (byte[] bytes, int offset, int length)
123 throws IOException
124 {
125 if (MultiPartInputStreamParser.this._config.getMaxFileSize() > 0 && _size + length > MultiPartInputStreamParser.this._config.getMaxFileSize())
126 throw new IllegalStateException ("Multipart Mime part "+_name+" exceeds max filesize");
127
128 if (MultiPartInputStreamParser.this._config.getFileSizeThreshold() > 0 && _size + length > MultiPartInputStreamParser.this._config.getFileSizeThreshold() && _file==null)
129 createFile();
130
131 _out.write(bytes, offset, length);
132 _size += length;
133 }
134
135 protected void createFile ()
136 throws IOException
137 {
138 _file = File.createTempFile("MultiPart", "", MultiPartInputStreamParser.this._tmpDir);
139
140 if (_deleteOnExit)
141 _file.deleteOnExit();
142 FileOutputStream fos = new FileOutputStream(_file);
143 BufferedOutputStream bos = new BufferedOutputStream(fos);
144
145 if (_size > 0 && _out != null)
146 {
147
148 _out.flush();
149 _bout.writeTo(bos);
150 _out.close();
151 _bout = null;
152 }
153 _out = bos;
154 }
155
156
157
158 protected void setHeaders(MultiMap<String> headers)
159 {
160 _headers = headers;
161 }
162
163
164
165
166 public String getContentType()
167 {
168 return _contentType;
169 }
170
171
172
173
174 public String getHeader(String name)
175 {
176 if (name == null)
177 return null;
178 return _headers.getValue(name.toLowerCase(Locale.ENGLISH), 0);
179 }
180
181
182
183
184 public Collection<String> getHeaderNames()
185 {
186 return _headers.keySet();
187 }
188
189
190
191
192 public Collection<String> getHeaders(String name)
193 {
194 return _headers.getValues(name);
195 }
196
197
198
199
200 public InputStream getInputStream() throws IOException
201 {
202 if (_file != null)
203 {
204
205 return new BufferedInputStream (new FileInputStream(_file));
206 }
207 else
208 {
209
210 return new ByteArrayInputStream(_bout.getBuf(),0,_bout.size());
211 }
212 }
213
214
215
216
217
218 @Override
219 public String getSubmittedFileName()
220 {
221 return getContentDispositionFilename();
222 }
223
224 public byte[] getBytes()
225 {
226 if (_bout!=null)
227 return _bout.toByteArray();
228 return null;
229 }
230
231
232
233
234 public String getName()
235 {
236 return _name;
237 }
238
239
240
241
242 public long getSize()
243 {
244 return _size;
245 }
246
247
248
249
250 public void write(String fileName) throws IOException
251 {
252 if (_file == null)
253 {
254 _temporary = false;
255
256
257 _file = new File (_tmpDir, fileName);
258
259 BufferedOutputStream bos = null;
260 try
261 {
262 bos = new BufferedOutputStream(new FileOutputStream(_file));
263 _bout.writeTo(bos);
264 bos.flush();
265 }
266 finally
267 {
268 if (bos != null)
269 bos.close();
270 _bout = null;
271 }
272 }
273 else
274 {
275
276 _temporary = false;
277
278 Path src = _file.toPath();
279 Path target = src.resolveSibling(fileName);
280 Files.move(src, target, StandardCopyOption.REPLACE_EXISTING);
281 _file = target.toFile();
282 }
283 }
284
285
286
287
288
289
290 public void delete() throws IOException
291 {
292 if (_file != null && _file.exists())
293 _file.delete();
294 }
295
296
297
298
299
300
301 public void cleanUp() throws IOException
302 {
303 if (_temporary && _file != null && _file.exists())
304 _file.delete();
305 }
306
307
308
309
310
311
312 public File getFile ()
313 {
314 return _file;
315 }
316
317
318
319
320
321
322 public String getContentDispositionFilename ()
323 {
324 return _filename;
325 }
326 }
327
328
329
330
331
332
333
334
335
336
337 public MultiPartInputStreamParser (InputStream in, String contentType, MultipartConfigElement config, File contextTmpDir)
338 {
339 _in = new ReadLineInputStream(in);
340 _contentType = contentType;
341 _config = config;
342 _contextTmpDir = contextTmpDir;
343 if (_contextTmpDir == null)
344 _contextTmpDir = new File (System.getProperty("java.io.tmpdir"));
345
346 if (_config == null)
347 _config = new MultipartConfigElement(_contextTmpDir.getAbsolutePath());
348 }
349
350
351
352
353
354 public Collection<Part> getParsedParts()
355 {
356 if (_parts == null)
357 return Collections.emptyList();
358
359 Collection<List<Part>> values = _parts.values();
360 List<Part> parts = new ArrayList<>();
361 for (List<Part> o: values)
362 {
363 List<Part> asList = LazyList.getList(o, false);
364 parts.addAll(asList);
365 }
366 return parts;
367 }
368
369
370
371
372
373
374 public void deleteParts ()
375 throws MultiException
376 {
377 Collection<Part> parts = getParsedParts();
378 MultiException err = new MultiException();
379 for (Part p:parts)
380 {
381 try
382 {
383 ((MultiPartInputStreamParser.MultiPart)p).cleanUp();
384 }
385 catch(Exception e)
386 {
387 err.add(e);
388 }
389 }
390 _parts.clear();
391
392 err.ifExceptionThrowMulti();
393 }
394
395
396
397
398
399
400
401
402 public Collection<Part> getParts()
403 throws IOException
404 {
405 parse();
406 Collection<List<Part>> values = _parts.values();
407 List<Part> parts = new ArrayList<>();
408 for (List<Part> o: values)
409 {
410 List<Part> asList = LazyList.getList(o, false);
411 parts.addAll(asList);
412 }
413 return parts;
414 }
415
416
417
418
419
420
421
422
423
424 public Part getPart(String name)
425 throws IOException
426 {
427 parse();
428 return _parts.getValue(name, 0);
429 }
430
431
432
433
434
435
436
437 protected void parse ()
438 throws IOException
439 {
440
441 if (_parts != null)
442 return;
443
444
445 long total = 0;
446 _parts = new MultiMap<>();
447
448
449 if (_contentType == null || !_contentType.startsWith("multipart/form-data"))
450 return;
451
452
453
454 if (_config.getLocation() == null)
455 _tmpDir = _contextTmpDir;
456 else if ("".equals(_config.getLocation()))
457 _tmpDir = _contextTmpDir;
458 else
459 {
460 File f = new File (_config.getLocation());
461 if (f.isAbsolute())
462 _tmpDir = f;
463 else
464 _tmpDir = new File (_contextTmpDir, _config.getLocation());
465 }
466
467 if (!_tmpDir.exists())
468 _tmpDir.mkdirs();
469
470 String contentTypeBoundary = "";
471 int bstart = _contentType.indexOf("boundary=");
472 if (bstart >= 0)
473 {
474 int bend = _contentType.indexOf(";", bstart);
475 bend = (bend < 0? _contentType.length(): bend);
476 contentTypeBoundary = QuotedStringTokenizer.unquote(value(_contentType.substring(bstart,bend)).trim());
477 }
478
479 String boundary="--"+contentTypeBoundary;
480 String lastBoundary=boundary+"--";
481 byte[] byteBoundary=lastBoundary.getBytes(StandardCharsets.ISO_8859_1);
482
483
484 String line = null;
485 try
486 {
487 line=((ReadLineInputStream)_in).readLine();
488 }
489 catch (IOException e)
490 {
491 LOG.warn("Badly formatted multipart request");
492 throw e;
493 }
494
495 if (line == null)
496 throw new IOException("Missing content for multipart request");
497
498 boolean badFormatLogged = false;
499 line=line.trim();
500 while (line != null && !line.equals(boundary) && !line.equals(lastBoundary))
501 {
502 if (!badFormatLogged)
503 {
504 LOG.warn("Badly formatted multipart request");
505 badFormatLogged = true;
506 }
507 line=((ReadLineInputStream)_in).readLine();
508 line=(line==null?line:line.trim());
509 }
510
511 if (line == null)
512 throw new IOException("Missing initial multi part boundary");
513
514
515 if (line.equals(lastBoundary))
516 return;
517
518
519 boolean lastPart=false;
520
521 outer:while(!lastPart)
522 {
523 String contentDisposition=null;
524 String contentType=null;
525 String contentTransferEncoding=null;
526
527 MultiMap<String> headers = new MultiMap<>();
528 while(true)
529 {
530 line=((ReadLineInputStream)_in).readLine();
531
532
533 if(line==null)
534 break outer;
535
536
537 if("".equals(line))
538 break;
539
540 total += line.length();
541 if (_config.getMaxRequestSize() > 0 && total > _config.getMaxRequestSize())
542 throw new IllegalStateException ("Request exceeds maxRequestSize ("+_config.getMaxRequestSize()+")");
543
544
545 int c=line.indexOf(':',0);
546 if(c>0)
547 {
548 String key=line.substring(0,c).trim().toLowerCase(Locale.ENGLISH);
549 String value=line.substring(c+1,line.length()).trim();
550 headers.put(key, value);
551 if (key.equalsIgnoreCase("content-disposition"))
552 contentDisposition=value;
553 if (key.equalsIgnoreCase("content-type"))
554 contentType = value;
555 if(key.equals("content-transfer-encoding"))
556 contentTransferEncoding=value;
557 }
558 }
559
560
561 boolean form_data=false;
562 if(contentDisposition==null)
563 {
564 throw new IOException("Missing content-disposition");
565 }
566
567 QuotedStringTokenizer tok=new QuotedStringTokenizer(contentDisposition,";", false, true);
568 String name=null;
569 String filename=null;
570 while(tok.hasMoreTokens())
571 {
572 String t=tok.nextToken().trim();
573 String tl=t.toLowerCase(Locale.ENGLISH);
574 if(t.startsWith("form-data"))
575 form_data=true;
576 else if(tl.startsWith("name="))
577 name=value(t);
578 else if(tl.startsWith("filename="))
579 filename=filenameValue(t);
580 }
581
582
583 if(!form_data)
584 {
585 continue;
586 }
587
588
589
590
591
592 if(name==null)
593 {
594 continue;
595 }
596
597
598 MultiPart part = new MultiPart(name, filename);
599 part.setHeaders(headers);
600 part.setContentType(contentType);
601 _parts.add(name, part);
602 part.open();
603
604 InputStream partInput = null;
605 if ("base64".equalsIgnoreCase(contentTransferEncoding))
606 {
607 partInput = new Base64InputStream((ReadLineInputStream)_in);
608 }
609 else if ("quoted-printable".equalsIgnoreCase(contentTransferEncoding))
610 {
611 partInput = new FilterInputStream(_in)
612 {
613 @Override
614 public int read() throws IOException
615 {
616 int c = in.read();
617 if (c >= 0 && c == '=')
618 {
619 int hi = in.read();
620 int lo = in.read();
621 if (hi < 0 || lo < 0)
622 {
623 throw new IOException("Unexpected end to quoted-printable byte");
624 }
625 char[] chars = new char[] { (char)hi, (char)lo };
626 c = Integer.parseInt(new String(chars),16);
627 }
628 return c;
629 }
630 };
631 }
632 else
633 partInput = _in;
634
635
636 try
637 {
638 int state=-2;
639 int c;
640 boolean cr=false;
641 boolean lf=false;
642
643
644 while(true)
645 {
646 int b=0;
647 while((c=(state!=-2)?state:partInput.read())!=-1)
648 {
649 total ++;
650 if (_config.getMaxRequestSize() > 0 && total > _config.getMaxRequestSize())
651 throw new IllegalStateException("Request exceeds maxRequestSize ("+_config.getMaxRequestSize()+")");
652
653 state=-2;
654
655
656 if(c==13||c==10)
657 {
658 if(c==13)
659 {
660 partInput.mark(1);
661 int tmp=partInput.read();
662 if (tmp!=10)
663 partInput.reset();
664 else
665 state=tmp;
666 }
667 break;
668 }
669
670
671 if(b>=0&&b<byteBoundary.length&&c==byteBoundary[b])
672 {
673 b++;
674 }
675 else
676 {
677
678
679 if(cr)
680 part.write(13);
681
682 if(lf)
683 part.write(10);
684
685 cr=lf=false;
686 if(b>0)
687 part.write(byteBoundary,0,b);
688
689 b=-1;
690 part.write(c);
691 }
692 }
693
694
695 if((b>0&&b<byteBoundary.length-2)||(b==byteBoundary.length-1))
696 {
697 if(cr)
698 part.write(13);
699
700 if(lf)
701 part.write(10);
702
703 cr=lf=false;
704 part.write(byteBoundary,0,b);
705 b=-1;
706 }
707
708
709 if(b>0||c==-1)
710 {
711
712 if(b==byteBoundary.length)
713 lastPart=true;
714 if(state==10)
715 state=-2;
716 break;
717 }
718
719
720 if(cr)
721 part.write(13);
722
723 if(lf)
724 part.write(10);
725
726 cr=(c==13);
727 lf=(c==10||state==10);
728 if(state==10)
729 state=-2;
730 }
731 }
732 finally
733 {
734
735 part.close();
736 }
737 }
738 if (!lastPart)
739 throw new IOException("Incomplete parts");
740 }
741
742 public void setDeleteOnExit(boolean deleteOnExit)
743 {
744 _deleteOnExit = deleteOnExit;
745 }
746
747
748 public boolean isDeleteOnExit()
749 {
750 return _deleteOnExit;
751 }
752
753
754
755 private String value(String nameEqualsValue)
756 {
757 int idx = nameEqualsValue.indexOf('=');
758 String value = nameEqualsValue.substring(idx+1).trim();
759 return QuotedStringTokenizer.unquoteOnly(value);
760 }
761
762
763
764 private String filenameValue(String nameEqualsValue)
765 {
766 int idx = nameEqualsValue.indexOf('=');
767 String value = nameEqualsValue.substring(idx+1).trim();
768
769 if (value.matches(".??[a-z,A-Z]\\:\\\\[^\\\\].*"))
770 {
771
772
773 char first=value.charAt(0);
774 if (first=='"' || first=='\'')
775 value=value.substring(1);
776 char last=value.charAt(value.length()-1);
777 if (last=='"' || last=='\'')
778 value = value.substring(0,value.length()-1);
779
780 return value;
781 }
782 else
783
784
785
786
787 return QuotedStringTokenizer.unquoteOnly(value, true);
788 }
789
790
791
792 private static class Base64InputStream extends InputStream
793 {
794 ReadLineInputStream _in;
795 String _line;
796 byte[] _buffer;
797 int _pos;
798
799
800 public Base64InputStream(ReadLineInputStream rlis)
801 {
802 _in = rlis;
803 }
804
805 @Override
806 public int read() throws IOException
807 {
808 if (_buffer==null || _pos>= _buffer.length)
809 {
810
811
812
813
814 _line = _in.readLine();
815 if (_line==null)
816 return -1;
817 if (_line.startsWith("--"))
818 _buffer=(_line+"\r\n").getBytes();
819 else if (_line.length()==0)
820 _buffer="\r\n".getBytes();
821 else
822 {
823 ByteArrayOutputStream baos = new ByteArrayOutputStream((4*_line.length()/3)+2);
824 B64Code.decode(_line, baos);
825 baos.write(13);
826 baos.write(10);
827 _buffer = baos.toByteArray();
828 }
829
830 _pos=0;
831 }
832
833 return _buffer[_pos++];
834 }
835 }
836 }