From c5967e336ec247ffa304fc81ab4444b90a653d74 Mon Sep 17 00:00:00 2001
From: jeb228 <jeb228@440791e1-c2bf-4c1e-ad7c-caf3f8b0ebe8>
Date: Thu, 27 May 2010 19:07:39 +0000
Subject: [PATCH] NIHVIVO-160 Add a maximum file size. Ensure UTF-8 encoding on
 the request parameters.

---
 .../FileUploadServletRequest.java             |  4 +--
 .../MultipartHttpServletRequest.java          | 30 +++++++++++++------
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/FileUploadServletRequest.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/FileUploadServletRequest.java
index 8dff4522b..2684acfd0 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/FileUploadServletRequest.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/FileUploadServletRequest.java
@@ -41,10 +41,10 @@ public abstract class FileUploadServletRequest implements HttpServletRequest {
 	 * Wrap this {@link HttpServletRequest} in an appropriate wrapper class.
 	 */
 	public static FileUploadServletRequest parseRequest(
-			HttpServletRequest request) throws IOException {
+			HttpServletRequest request, int maxFileSize) throws IOException {
 		boolean isMultipart = ServletFileUpload.isMultipartContent(request);
 		if (isMultipart) {
-			return new MultipartHttpServletRequest(request);
+			return new MultipartHttpServletRequest(request, maxFileSize);
 		} else {
 			return new SimpleHttpServletRequestWrapper(request);
 		}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/MultipartHttpServletRequest.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/MultipartHttpServletRequest.java
index 4f174fc1f..c1b6e779a 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/MultipartHttpServletRequest.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/uploadrequest/MultipartHttpServletRequest.java
@@ -39,22 +39,21 @@ class MultipartHttpServletRequest extends FileUploadServletRequest {
 	 * Parse the multipart request. Store the info about the request parameters
 	 * and the uploaded files.
 	 */
-	public MultipartHttpServletRequest(HttpServletRequest request)
-			throws IOException {
+	public MultipartHttpServletRequest(HttpServletRequest request,
+			int maxFileSize) throws IOException {
 		super(request);
 
 		Map<String, List<String>> parameters = new HashMap<String, List<String>>();
 		Map<String, List<FileItem>> files = new HashMap<String, List<FileItem>>();
 
 		try {
-			FileItemFactory factory = new DiskFileItemFactory();
-			ServletFileUpload upload = new ServletFileUpload(factory);
+			ServletFileUpload upload = createUploadHandler(maxFileSize);
 			List<FileItem> items = parseRequestIntoFileItems(request, upload);
 			for (FileItem item : items) {
 				// Process a regular form field
 				if (item.isFormField()) {
 					addToParameters(parameters, item.getFieldName(), item
-							.getString());
+							.getString("UTF-8"));
 					LOG.debug("Form field (parameter) " + item.getFieldName()
 							+ "=" + item.getString());
 				} else {
@@ -75,6 +74,20 @@ class MultipartHttpServletRequest extends FileUploadServletRequest {
 		LOG.debug("Files are: " + this.files);
 	}
 
+	/**
+	 * Create an upload handler that will throw an exception if the file is too
+	 * large.
+	 */
+	private ServletFileUpload createUploadHandler(int maxFileSize) {
+		DiskFileItemFactory factory = new DiskFileItemFactory();
+		factory.setSizeThreshold(maxFileSize);
+
+		ServletFileUpload upload = new ServletFileUpload(factory);
+		upload.setSizeMax(maxFileSize);
+
+		return upload;
+	}
+
 	/** Either create a new List for the value, or add to an existing List. */
 	private void addToParameters(Map<String, List<String>> map, String name,
 			String value) {
@@ -85,15 +98,14 @@ class MultipartHttpServletRequest extends FileUploadServletRequest {
 	}
 
 	/** Either create a new List for the file, or add to an existing List. */
-	private void addToFileItems(Map<String, List<FileItem>> map, 
-			FileItem file) {
+	private void addToFileItems(Map<String, List<FileItem>> map, FileItem file) {
 		String name = file.getFieldName();
 		if (!map.containsKey(name)) {
 			map.put(name, new ArrayList<FileItem>());
 		}
 		map.get(name).add(file);
 	}
-	
+
 	/** Minimize the code that uses the unchecked cast. */
 	@SuppressWarnings("unchecked")
 	private List<FileItem> parseRequestIntoFileItems(HttpServletRequest req,
@@ -145,7 +157,7 @@ class MultipartHttpServletRequest extends FileUploadServletRequest {
 	}
 
 	@Override
-	public Map<?, ?> getParameterMap() {
+	public Map<String, String[]> getParameterMap() {
 		Map<String, String[]> result = new HashMap<String, String[]>();
 		for (Entry<String, List<String>> entry : parameters.entrySet()) {
 			result.put(entry.getKey(), entry.getValue().toArray(EMPTY_ARRAY));
