diff --git a/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java b/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java index 058332c0..0222cb0e 100644 --- a/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java +++ b/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java @@ -19,7 +19,7 @@ import jakarta.servlet.ServletResponse; import jakarta.servlet.http.HttpServletRequest; -import org.springframework.web.multipart.support.DefaultMultipartHttpServletRequest; +import org.springframework.web.multipart.MultipartHttpServletRequest; import static org.apache.commons.fileupload2.jakarta.servlet6.JakartaServletFileUpload.isMultipartContent; @@ -31,7 +31,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha if (!"GET".equalsIgnoreCase(((HttpServletRequest) request).getMethod())) { if (isMultipartContent((HttpServletRequest) request)) { - request = new XSSMultipartRequestWrapper((DefaultMultipartHttpServletRequest) request); + request = new XSSMultipartRequestWrapper((MultipartHttpServletRequest) request); } else { request = new XSSRequestWrapper((HttpServletRequest) request); } diff --git a/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java b/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java index 4c0bd2f8..4a217f2f 100644 --- a/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java +++ b/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java @@ -10,15 +10,21 @@ package org.openmrs.web.xss; import java.util.Enumeration; +import java.util.Iterator; import java.util.List; +import java.util.Map; +import jakarta.servlet.http.HttpServletRequestWrapper; + +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; import org.springframework.util.MultiValueMap; import org.springframework.web.multipart.MultipartFile; -import org.springframework.web.multipart.support.DefaultMultipartHttpServletRequest; +import org.springframework.web.multipart.MultipartHttpServletRequest; -public class XSSMultipartRequestWrapper extends DefaultMultipartHttpServletRequest { +public class XSSMultipartRequestWrapper extends HttpServletRequestWrapper implements MultipartHttpServletRequest { - public XSSMultipartRequestWrapper(DefaultMultipartHttpServletRequest request) { + public XSSMultipartRequestWrapper(MultipartHttpServletRequest request) { super(request); } @@ -50,9 +56,13 @@ public String[] getParameterValues(String name) { return encodedValues; } + public MultipartHttpServletRequest getRequest() { + return (MultipartHttpServletRequest) super.getRequest(); + } + @Override - public DefaultMultipartHttpServletRequest getRequest() { - return (DefaultMultipartHttpServletRequest) super.getRequest(); + public Iterator getFileNames() { + return getRequest().getFileNames(); } @Override @@ -64,14 +74,35 @@ public MultipartFile getFile(String name) { public MultiValueMap getMultiFileMap() { return getRequest().getMultiFileMap(); } + @Override - public Enumeration getParameterNames() { - return getRequest().getParameterNames(); + public List getFiles(String name) { + return getRequest().getFiles(name); } @Override - public List getFiles(String name) { - return getRequest().getFiles(name); + public Map getFileMap() { + return getRequest().getFileMap(); + } + + @Override + public String getMultipartContentType(String paramOrFileName) { + return getRequest().getMultipartContentType(paramOrFileName); + } + + @Override + public HttpHeaders getMultipartHeaders(String paramOrFileName) { + return getRequest().getMultipartHeaders(paramOrFileName); + } + + @Override + public HttpHeaders getRequestHeaders() { + return getRequest().getRequestHeaders(); + } + + @Override + public HttpMethod getRequestMethod() { + return getRequest().getRequestMethod(); } } diff --git a/pom.xml b/pom.xml index 5674780c..129286d7 100644 --- a/pom.xml +++ b/pom.xml @@ -155,6 +155,7 @@ ${javaCompilerVersion} ${javaCompilerVersion} ${project.build.sourceEncoding} + true