POST request with multipart/form-data downloads the file

Issue

  • A POST request with multipart/form-data and appropriately sized attached file downloads the file to the temporary disk folder
  • Antivirus agent may detect malicious file(s) in the folder after a similar POST request

Environment

  • Liferay DXP 7.0+

Resolution

  • The hardship with multipart is that the server does not know what is inside the request until it reads the request in full length.
  • This means, the portal cannot throw away the request - to avoid DoS on the memory, the requests are saved temporarily to disk.
  • For example: the portletId is the last thing in the request, in this case, DXP does not know which portlet/action the request targets until the very end of the multipart body. 

Additional Information

这篇文章有帮助吗?
1 人中有 1 人觉得有帮助