1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.util;
20
21 import java.io.BufferedInputStream;
22 import java.io.BufferedOutputStream;
23 import java.io.ByteArrayInputStream;
24 import java.io.ByteArrayOutputStream;
25 import java.io.File;
26 import java.io.FileInputStream;
27 import java.io.FileOutputStream;
28 import java.io.FilterInputStream;
29 import java.io.IOException;
30 import java.io.InputStream;
31 import java.io.OutputStream;
32 import java.nio.charset.StandardCharsets;
33 import java.util.ArrayList;
34 import java.util.Collection;
35 import java.util.Collections;
36 import java.util.List;
37 import java.util.Locale;
38
39 import javax.servlet.MultipartConfigElement;
40 import javax.servlet.ServletException;
41 import javax.servlet.http.Part;
42
43 import org.eclipse.jetty.util.log.Log;
44 import org.eclipse.jetty.util.log.Logger;
45
46
47
48
49
50
51
52
53 public class MultiPartInputStreamParser
54 {
55 private static final Logger LOG = Log.getLogger(MultiPartInputStreamParser.class);
56 public static final MultipartConfigElement __DEFAULT_MULTIPART_CONFIG = new MultipartConfigElement(System.getProperty("java.io.tmpdir"));
57 protected InputStream _in;
58 protected MultipartConfigElement _config;
59 protected String _contentType;
60 protected MultiMap<Part> _parts;
61 protected File _tmpDir;
62 protected File _contextTmpDir;
63 protected boolean _deleteOnExit;
64
65
66
67 public class MultiPart implements Part
68 {
69 protected String _name;
70 protected String _filename;
71 protected File _file;
72 protected OutputStream _out;
73 protected ByteArrayOutputStream2 _bout;
74 protected String _contentType;
75 protected MultiMap<String> _headers;
76 protected long _size = 0;
77 protected boolean _temporary = true;
78
79 public MultiPart (String name, String filename)
80 throws IOException
81 {
82 _name = name;
83 _filename = filename;
84 }
85
86 protected void setContentType (String contentType)
87 {
88 _contentType = contentType;
89 }
90
91
92 protected void open()
93 throws IOException
94 {
95
96
97 _out = _bout= new ByteArrayOutputStream2();
98 }
99
100 protected void close()
101 throws IOException
102 {
103 _out.close();
104 }
105
106
107 protected void write (int b)
108 throws IOException
109 {
110 if (MultiPartInputStreamParser.this._config.getMaxFileSize() > 0 && _size + 1 > MultiPartInputStreamParser.this._config.getMaxFileSize())
111 throw new IllegalStateException ("Multipart Mime part "+_name+" exceeds max filesize");
112
113 if (MultiPartInputStreamParser.this._config.getFileSizeThreshold() > 0 && _size + 1 > MultiPartInputStreamParser.this._config.getFileSizeThreshold() && _file==null)
114 createFile();
115
116 _out.write(b);
117 _size ++;
118 }
119
120 protected void write (byte[] bytes, int offset, int length)
121 throws IOException
122 {
123 if (MultiPartInputStreamParser.this._config.getMaxFileSize() > 0 && _size + length > MultiPartInputStreamParser.this._config.getMaxFileSize())
124 throw new IllegalStateException ("Multipart Mime part "+_name+" exceeds max filesize");
125
126 if (MultiPartInputStreamParser.this._config.getFileSizeThreshold() > 0 && _size + length > MultiPartInputStreamParser.this._config.getFileSizeThreshold() && _file==null)
127 createFile();
128
129 _out.write(bytes, offset, length);
130 _size += length;
131 }
132
133 protected void createFile ()
134 throws IOException
135 {
136 _file = File.createTempFile("MultiPart", "", MultiPartInputStreamParser.this._tmpDir);
137
138 if (_deleteOnExit)
139 _file.deleteOnExit();
140 FileOutputStream fos = new FileOutputStream(_file);
141 BufferedOutputStream bos = new BufferedOutputStream(fos);
142
143 if (_size > 0 && _out != null)
144 {
145
146 _out.flush();
147 _bout.writeTo(bos);
148 _out.close();
149 _bout = null;
150 }
151 _out = bos;
152 }
153
154
155
156 protected void setHeaders(MultiMap<String> headers)
157 {
158 _headers = headers;
159 }
160
161
162
163
164 public String getContentType()
165 {
166 return _contentType;
167 }
168
169
170
171
172 public String getHeader(String name)
173 {
174 if (name == null)
175 return null;
176 return (String)_headers.getValue(name.toLowerCase(Locale.ENGLISH), 0);
177 }
178
179
180
181
182 public Collection<String> getHeaderNames()
183 {
184 return _headers.keySet();
185 }
186
187
188
189
190 public Collection<String> getHeaders(String name)
191 {
192 return _headers.getValues(name);
193 }
194
195
196
197
198 public InputStream getInputStream() throws IOException
199 {
200 if (_file != null)
201 {
202
203 return new BufferedInputStream (new FileInputStream(_file));
204 }
205 else
206 {
207
208 return new ByteArrayInputStream(_bout.getBuf(),0,_bout.size());
209 }
210 }
211
212
213
214
215
216 @Override
217 public String getSubmittedFileName()
218 {
219 return getContentDispositionFilename();
220 }
221
222 public byte[] getBytes()
223 {
224 if (_bout!=null)
225 return _bout.toByteArray();
226 return null;
227 }
228
229
230
231
232 public String getName()
233 {
234 return _name;
235 }
236
237
238
239
240 public long getSize()
241 {
242 return _size;
243 }
244
245
246
247
248 public void write(String fileName) throws IOException
249 {
250 if (_file == null)
251 {
252 _temporary = false;
253
254
255 _file = new File (_tmpDir, fileName);
256
257 BufferedOutputStream bos = null;
258 try
259 {
260 bos = new BufferedOutputStream(new FileOutputStream(_file));
261 _bout.writeTo(bos);
262 bos.flush();
263 }
264 finally
265 {
266 if (bos != null)
267 bos.close();
268 _bout = null;
269 }
270 }
271 else
272 {
273
274 _temporary = false;
275
276 File f = new File(_tmpDir, fileName);
277 if (_file.renameTo(f))
278 _file = f;
279 }
280 }
281
282
283
284
285
286
287 public void delete() throws IOException
288 {
289 if (_file != null && _file.exists())
290 _file.delete();
291 }
292
293
294
295
296
297
298 public void cleanUp() throws IOException
299 {
300 if (_temporary && _file != null && _file.exists())
301 _file.delete();
302 }
303
304
305
306
307
308 public File getFile ()
309 {
310 return _file;
311 }
312
313
314
315
316
317
318 public String getContentDispositionFilename ()
319 {
320 return _filename;
321 }
322 }
323
324
325
326
327
328
329
330
331
332
333 public MultiPartInputStreamParser (InputStream in, String contentType, MultipartConfigElement config, File contextTmpDir)
334 {
335 _in = new ReadLineInputStream(in);
336 _contentType = contentType;
337 _config = config;
338 _contextTmpDir = contextTmpDir;
339 if (_contextTmpDir == null)
340 _contextTmpDir = new File (System.getProperty("java.io.tmpdir"));
341
342 if (_config == null)
343 _config = new MultipartConfigElement(_contextTmpDir.getAbsolutePath());
344 }
345
346
347
348
349 public Collection<Part> getParsedParts()
350 {
351 if (_parts == null)
352 return Collections.emptyList();
353
354 Collection<List<Part>> values = _parts.values();
355 List<Part> parts = new ArrayList<Part>();
356 for (List<Part> o: values)
357 {
358 List<Part> asList = LazyList.getList(o, false);
359 parts.addAll(asList);
360 }
361 return parts;
362 }
363
364
365
366
367
368
369 public void deleteParts ()
370 throws MultiException
371 {
372 Collection<Part> parts = getParsedParts();
373 MultiException err = new MultiException();
374 for (Part p:parts)
375 {
376 try
377 {
378 ((MultiPartInputStreamParser.MultiPart)p).cleanUp();
379 }
380 catch(Exception e)
381 {
382 err.add(e);
383 }
384 }
385 _parts.clear();
386
387 err.ifExceptionThrowMulti();
388 }
389
390
391
392
393
394
395
396
397 public Collection<Part> getParts()
398 throws IOException, ServletException
399 {
400 parse();
401 Collection<List<Part>> values = _parts.values();
402 List<Part> parts = new ArrayList<Part>();
403 for (List<Part> o: values)
404 {
405 List<Part> asList = LazyList.getList(o, false);
406 parts.addAll(asList);
407 }
408 return parts;
409 }
410
411
412
413
414
415
416
417
418
419 public Part getPart(String name)
420 throws IOException, ServletException
421 {
422 parse();
423 return (Part)_parts.getValue(name, 0);
424 }
425
426
427
428
429
430
431
432
433 protected void parse ()
434 throws IOException, ServletException
435 {
436
437 if (_parts != null)
438 return;
439
440
441 long total = 0;
442 _parts = new MultiMap<Part>();
443
444
445 if (_contentType == null || !_contentType.startsWith("multipart/form-data"))
446 return;
447
448
449
450 if (_config.getLocation() == null)
451 _tmpDir = _contextTmpDir;
452 else if ("".equals(_config.getLocation()))
453 _tmpDir = _contextTmpDir;
454 else
455 {
456 File f = new File (_config.getLocation());
457 if (f.isAbsolute())
458 _tmpDir = f;
459 else
460 _tmpDir = new File (_contextTmpDir, _config.getLocation());
461 }
462
463 if (!_tmpDir.exists())
464 _tmpDir.mkdirs();
465
466 String contentTypeBoundary = "";
467 int bstart = _contentType.indexOf("boundary=");
468 if (bstart >= 0)
469 {
470 int bend = _contentType.indexOf(";", bstart);
471 bend = (bend < 0? _contentType.length(): bend);
472 contentTypeBoundary = QuotedStringTokenizer.unquote(value(_contentType.substring(bstart,bend)).trim());
473 }
474
475 String boundary="--"+contentTypeBoundary;
476 byte[] byteBoundary=(boundary+"--").getBytes(StandardCharsets.ISO_8859_1);
477
478
479 String line = null;
480 try
481 {
482 line=((ReadLineInputStream)_in).readLine();
483 }
484 catch (IOException e)
485 {
486 LOG.warn("Badly formatted multipart request");
487 throw e;
488 }
489
490 if (line == null)
491 throw new IOException("Missing content for multipart request");
492
493 boolean badFormatLogged = false;
494 line=line.trim();
495 while (line != null && !line.equals(boundary))
496 {
497 if (!badFormatLogged)
498 {
499 LOG.warn("Badly formatted multipart request");
500 badFormatLogged = true;
501 }
502 line=((ReadLineInputStream)_in).readLine();
503 line=(line==null?line:line.trim());
504 }
505
506 if (line == null)
507 throw new IOException("Missing initial multi part boundary");
508
509
510 boolean lastPart=false;
511
512 outer:while(!lastPart)
513 {
514 String contentDisposition=null;
515 String contentType=null;
516 String contentTransferEncoding=null;
517
518 MultiMap<String> headers = new MultiMap<String>();
519 while(true)
520 {
521 line=((ReadLineInputStream)_in).readLine();
522
523
524 if(line==null)
525 break outer;
526
527
528 if("".equals(line))
529 break;
530
531 total += line.length();
532 if (_config.getMaxRequestSize() > 0 && total > _config.getMaxRequestSize())
533 throw new IllegalStateException ("Request exceeds maxRequestSize ("+_config.getMaxRequestSize()+")");
534
535
536 int c=line.indexOf(':',0);
537 if(c>0)
538 {
539 String key=line.substring(0,c).trim().toLowerCase(Locale.ENGLISH);
540 String value=line.substring(c+1,line.length()).trim();
541 headers.put(key, value);
542 if (key.equalsIgnoreCase("content-disposition"))
543 contentDisposition=value;
544 if (key.equalsIgnoreCase("content-type"))
545 contentType = value;
546 if(key.equals("content-transfer-encoding"))
547 contentTransferEncoding=value;
548 }
549 }
550
551
552 boolean form_data=false;
553 if(contentDisposition==null)
554 {
555 throw new IOException("Missing content-disposition");
556 }
557
558 QuotedStringTokenizer tok=new QuotedStringTokenizer(contentDisposition,";", false, true);
559 String name=null;
560 String filename=null;
561 while(tok.hasMoreTokens())
562 {
563 String t=tok.nextToken().trim();
564 String tl=t.toLowerCase(Locale.ENGLISH);
565 if(t.startsWith("form-data"))
566 form_data=true;
567 else if(tl.startsWith("name="))
568 name=value(t);
569 else if(tl.startsWith("filename="))
570 filename=filenameValue(t);
571 }
572
573
574 if(!form_data)
575 {
576 continue;
577 }
578
579
580
581
582
583 if(name==null)
584 {
585 continue;
586 }
587
588
589 MultiPart part = new MultiPart(name, filename);
590 part.setHeaders(headers);
591 part.setContentType(contentType);
592 _parts.add(name, part);
593 part.open();
594
595 InputStream partInput = null;
596 if ("base64".equalsIgnoreCase(contentTransferEncoding))
597 {
598 partInput = new Base64InputStream((ReadLineInputStream)_in);
599 }
600 else if ("quoted-printable".equalsIgnoreCase(contentTransferEncoding))
601 {
602 partInput = new FilterInputStream(_in)
603 {
604 @Override
605 public int read() throws IOException
606 {
607 int c = in.read();
608 if (c >= 0 && c == '=')
609 {
610 int hi = in.read();
611 int lo = in.read();
612 if (hi < 0 || lo < 0)
613 {
614 throw new IOException("Unexpected end to quoted-printable byte");
615 }
616 char[] chars = new char[] { (char)hi, (char)lo };
617 c = Integer.parseInt(new String(chars),16);
618 }
619 return c;
620 }
621 };
622 }
623 else
624 partInput = _in;
625
626
627 try
628 {
629 int state=-2;
630 int c;
631 boolean cr=false;
632 boolean lf=false;
633
634
635 while(true)
636 {
637 int b=0;
638 while((c=(state!=-2)?state:partInput.read())!=-1)
639 {
640 total ++;
641 if (_config.getMaxRequestSize() > 0 && total > _config.getMaxRequestSize())
642 throw new IllegalStateException("Request exceeds maxRequestSize ("+_config.getMaxRequestSize()+")");
643
644 state=-2;
645
646
647 if(c==13||c==10)
648 {
649 if(c==13)
650 {
651 partInput.mark(1);
652 int tmp=partInput.read();
653 if (tmp!=10)
654 partInput.reset();
655 else
656 state=tmp;
657 }
658 break;
659 }
660
661
662 if(b>=0&&b<byteBoundary.length&&c==byteBoundary[b])
663 {
664 b++;
665 }
666 else
667 {
668
669
670 if(cr)
671 part.write(13);
672
673 if(lf)
674 part.write(10);
675
676 cr=lf=false;
677 if(b>0)
678 part.write(byteBoundary,0,b);
679
680 b=-1;
681 part.write(c);
682 }
683 }
684
685
686 if((b>0&&b<byteBoundary.length-2)||(b==byteBoundary.length-1))
687 {
688 if(cr)
689 part.write(13);
690
691 if(lf)
692 part.write(10);
693
694 cr=lf=false;
695 part.write(byteBoundary,0,b);
696 b=-1;
697 }
698
699
700 if(b>0||c==-1)
701 {
702
703 if(b==byteBoundary.length)
704 lastPart=true;
705 if(state==10)
706 state=-2;
707 break;
708 }
709
710
711 if(cr)
712 part.write(13);
713
714 if(lf)
715 part.write(10);
716
717 cr=(c==13);
718 lf=(c==10||state==10);
719 if(state==10)
720 state=-2;
721 }
722 }
723 finally
724 {
725
726 part.close();
727 }
728 }
729 if (!lastPart)
730 throw new IOException("Incomplete parts");
731 }
732
733 public void setDeleteOnExit(boolean deleteOnExit)
734 {
735 _deleteOnExit = deleteOnExit;
736 }
737
738
739 public boolean isDeleteOnExit()
740 {
741 return _deleteOnExit;
742 }
743
744
745
746 private String value(String nameEqualsValue)
747 {
748 int idx = nameEqualsValue.indexOf('=');
749 String value = nameEqualsValue.substring(idx+1).trim();
750 return QuotedStringTokenizer.unquoteOnly(value);
751 }
752
753
754
755 private String filenameValue(String nameEqualsValue)
756 {
757 int idx = nameEqualsValue.indexOf('=');
758 String value = nameEqualsValue.substring(idx+1).trim();
759
760 if (value.matches(".??[a-z,A-Z]\\:\\\\[^\\\\].*"))
761 {
762
763
764 char first=value.charAt(0);
765 if (first=='"' || first=='\'')
766 value=value.substring(1);
767 char last=value.charAt(value.length()-1);
768 if (last=='"' || last=='\'')
769 value = value.substring(0,value.length()-1);
770
771 return value;
772 }
773 else
774
775
776
777
778 return QuotedStringTokenizer.unquoteOnly(value, true);
779 }
780
781
782
783 private static class Base64InputStream extends InputStream
784 {
785 ReadLineInputStream _in;
786 String _line;
787 byte[] _buffer;
788 int _pos;
789
790
791 public Base64InputStream(ReadLineInputStream rlis)
792 {
793 _in = rlis;
794 }
795
796 @Override
797 public int read() throws IOException
798 {
799 if (_buffer==null || _pos>= _buffer.length)
800 {
801
802
803
804
805 _line = _in.readLine();
806 if (_line==null)
807 return -1;
808 if (_line.startsWith("--"))
809 _buffer=(_line+"\r\n").getBytes();
810 else if (_line.length()==0)
811 _buffer="\r\n".getBytes();
812 else
813 {
814 ByteArrayOutputStream baos = new ByteArrayOutputStream((4*_line.length()/3)+2);
815 B64Code.decode(_line, baos);
816 baos.write(13);
817 baos.write(10);
818 _buffer = baos.toByteArray();
819 }
820
821 _pos=0;
822 }
823
824 return _buffer[_pos++];
825 }
826 }
827 }