Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
DiskFileItemFactory |
|
| 1.1111111111111112;1,111 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one or more | |
3 | * contributor license agreements. See the NOTICE file distributed with | |
4 | * this work for additional information regarding copyright ownership. | |
5 | * The ASF licenses this file to You under the Apache License, Version 2.0 | |
6 | * (the "License"); you may not use this file except in compliance with | |
7 | * the License. You may obtain a copy of the License at | |
8 | * | |
9 | * http://www.apache.org/licenses/LICENSE-2.0 | |
10 | * | |
11 | * Unless required by applicable law or agreed to in writing, software | |
12 | * distributed under the License is distributed on an "AS IS" BASIS, | |
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 | * See the License for the specific language governing permissions and | |
15 | * limitations under the License. | |
16 | */ | |
17 | package org.apache.commons.fileupload.disk; | |
18 | ||
19 | import java.io.File; | |
20 | ||
21 | import org.apache.commons.fileupload.FileItem; | |
22 | import org.apache.commons.fileupload.FileItemFactory; | |
23 | import org.apache.commons.io.FileCleaningTracker; | |
24 | ||
25 | /** | |
26 | * <p>The default {@link org.apache.commons.fileupload.FileItemFactory} | |
27 | * implementation. This implementation creates | |
28 | * {@link org.apache.commons.fileupload.FileItem} instances which keep their | |
29 | * content either in memory, for smaller items, or in a temporary file on disk, | |
30 | * for larger items. The size threshold, above which content will be stored on | |
31 | * disk, is configurable, as is the directory in which temporary files will be | |
32 | * created.</p> | |
33 | * | |
34 | * <p>If not otherwise configured, the default configuration values are as | |
35 | * follows:</p> | |
36 | * <ul> | |
37 | * <li>Size threshold is 10KB.</li> | |
38 | * <li>Repository is the system default temp directory, as returned by | |
39 | * <code>System.getProperty("java.io.tmpdir")</code>.</li> | |
40 | * </ul> | |
41 | * <p> | |
42 | * <b>NOTE</b>: Files are created in the system default temp directory with | |
43 | * predictable names. This means that a local attacker with write access to that | |
44 | * directory can perform a TOUTOC attack to replace any uploaded file with a | |
45 | * file of the attackers choice. The implications of this will depend on how the | |
46 | * uploaded file is used but could be significant. When using this | |
47 | * implementation in an environment with local, untrusted users, | |
48 | * {@link #setRepository(File)} MUST be used to configure a repository location | |
49 | * that is not publicly writable. In a Servlet container the location identified | |
50 | * by the ServletContext attribute <code>javax.servlet.context.tempdir</code> | |
51 | * may be used. | |
52 | * </p> | |
53 | * | |
54 | * <p>Temporary files, which are created for file items, should be | |
55 | * deleted later on. The best way to do this is using a | |
56 | * {@link FileCleaningTracker}, which you can set on the | |
57 | * {@link DiskFileItemFactory}. However, if you do use such a tracker, | |
58 | * then you must consider the following: Temporary files are automatically | |
59 | * deleted as soon as they are no longer needed. (More precisely, when the | |
60 | * corresponding instance of {@link java.io.File} is garbage collected.) | |
61 | * This is done by the so-called reaper thread, which is started and stopped | |
62 | * automatically by the {@link FileCleaningTracker} when there are files to be | |
63 | * tracked. | |
64 | * It might make sense to terminate that thread, for example, if | |
65 | * your web application ends. See the section on "Resource cleanup" | |
66 | * in the users guide of commons-fileupload.</p> | |
67 | * | |
68 | * @since FileUpload 1.1 | |
69 | */ | |
70 | public class DiskFileItemFactory implements FileItemFactory { | |
71 | ||
72 | // ----------------------------------------------------- Manifest constants | |
73 | ||
74 | /** | |
75 | * The default threshold above which uploads will be stored on disk. | |
76 | */ | |
77 | public static final int DEFAULT_SIZE_THRESHOLD = 10240; | |
78 | ||
79 | // ----------------------------------------------------- Instance Variables | |
80 | ||
81 | /** | |
82 | * The directory in which uploaded files will be stored, if stored on disk. | |
83 | */ | |
84 | private File repository; | |
85 | ||
86 | /** | |
87 | * The threshold above which uploads will be stored on disk. | |
88 | */ | |
89 | 33 | private int sizeThreshold = DEFAULT_SIZE_THRESHOLD; |
90 | ||
91 | /** | |
92 | * <p>The instance of {@link FileCleaningTracker}, which is responsible | |
93 | * for deleting temporary files.</p> | |
94 | * <p>May be null, if tracking files is not required.</p> | |
95 | */ | |
96 | private FileCleaningTracker fileCleaningTracker; | |
97 | ||
98 | // ----------------------------------------------------------- Constructors | |
99 | ||
100 | /** | |
101 | * Constructs an unconfigured instance of this class. The resulting factory | |
102 | * may be configured by calling the appropriate setter methods. | |
103 | */ | |
104 | public DiskFileItemFactory() { | |
105 | 22 | this(DEFAULT_SIZE_THRESHOLD, null); |
106 | 22 | } |
107 | ||
108 | /** | |
109 | * Constructs a preconfigured instance of this class. | |
110 | * | |
111 | * @param sizeThreshold The threshold, in bytes, below which items will be | |
112 | * retained in memory and above which they will be | |
113 | * stored as a file. | |
114 | * @param repository The data repository, which is the directory in | |
115 | * which files will be created, should the item size | |
116 | * exceed the threshold. | |
117 | */ | |
118 | 33 | public DiskFileItemFactory(int sizeThreshold, File repository) { |
119 | 33 | this.sizeThreshold = sizeThreshold; |
120 | 33 | this.repository = repository; |
121 | 33 | } |
122 | ||
123 | // ------------------------------------------------------------- Properties | |
124 | ||
125 | /** | |
126 | * Returns the directory used to temporarily store files that are larger | |
127 | * than the configured size threshold. | |
128 | * | |
129 | * @return The directory in which temporary files will be located. | |
130 | * | |
131 | * @see #setRepository(java.io.File) | |
132 | * | |
133 | */ | |
134 | public File getRepository() { | |
135 | 5 | return repository; |
136 | } | |
137 | ||
138 | /** | |
139 | * Sets the directory used to temporarily store files that are larger | |
140 | * than the configured size threshold. | |
141 | * | |
142 | * @param repository The directory in which temporary files will be located. | |
143 | * | |
144 | * @see #getRepository() | |
145 | * | |
146 | */ | |
147 | public void setRepository(File repository) { | |
148 | 0 | this.repository = repository; |
149 | 0 | } |
150 | ||
151 | /** | |
152 | * Returns the size threshold beyond which files are written directly to | |
153 | * disk. The default value is 10240 bytes. | |
154 | * | |
155 | * @return The size threshold, in bytes. | |
156 | * | |
157 | * @see #setSizeThreshold(int) | |
158 | */ | |
159 | public int getSizeThreshold() { | |
160 | 5 | return sizeThreshold; |
161 | } | |
162 | ||
163 | /** | |
164 | * Sets the size threshold beyond which files are written directly to disk. | |
165 | * | |
166 | * @param sizeThreshold The size threshold, in bytes. | |
167 | * | |
168 | * @see #getSizeThreshold() | |
169 | * | |
170 | */ | |
171 | public void setSizeThreshold(int sizeThreshold) { | |
172 | 0 | this.sizeThreshold = sizeThreshold; |
173 | 0 | } |
174 | ||
175 | // --------------------------------------------------------- Public Methods | |
176 | ||
177 | /** | |
178 | * Create a new {@link org.apache.commons.fileupload.disk.DiskFileItem} | |
179 | * instance from the supplied parameters and the local factory | |
180 | * configuration. | |
181 | * | |
182 | * @param fieldName The name of the form field. | |
183 | * @param contentType The content type of the form field. | |
184 | * @param isFormField <code>true</code> if this is a plain form field; | |
185 | * <code>false</code> otherwise. | |
186 | * @param fileName The name of the uploaded file, if any, as supplied | |
187 | * by the browser or other client. | |
188 | * | |
189 | * @return The newly created file item. | |
190 | */ | |
191 | public FileItem createItem(String fieldName, String contentType, | |
192 | boolean isFormField, String fileName) { | |
193 | 2168 | DiskFileItem result = new DiskFileItem(fieldName, contentType, |
194 | isFormField, fileName, sizeThreshold, repository); | |
195 | 2168 | FileCleaningTracker tracker = getFileCleaningTracker(); |
196 | 2168 | if (tracker != null) { |
197 | 0 | tracker.track(result.getTempFile(), result); |
198 | } | |
199 | 2168 | return result; |
200 | } | |
201 | ||
202 | /** | |
203 | * Returns the tracker, which is responsible for deleting temporary | |
204 | * files. | |
205 | * | |
206 | * @return An instance of {@link FileCleaningTracker}, or null | |
207 | * (default), if temporary files aren't tracked. | |
208 | */ | |
209 | public FileCleaningTracker getFileCleaningTracker() { | |
210 | 2168 | return fileCleaningTracker; |
211 | } | |
212 | ||
213 | /** | |
214 | * Sets the tracker, which is responsible for deleting temporary | |
215 | * files. | |
216 | * | |
217 | * @param pTracker An instance of {@link FileCleaningTracker}, | |
218 | * which will from now on track the created files, or null | |
219 | * (default), to disable tracking. | |
220 | */ | |
221 | public void setFileCleaningTracker(FileCleaningTracker pTracker) { | |
222 | 0 | fileCleaningTracker = pTracker; |
223 | 0 | } |
224 | ||
225 | } |