From e825b12f338bdbb8fc07e527f11f382ba395d371 Mon Sep 17 00:00:00 2001 From: sudhanshu_raj Date: Tue, 3 Mar 2026 19:05:03 +0530 Subject: [PATCH 1/3] Using MultipartHttpServletRequest casting due to latest spring compatbility --- .../java/org/openmrs/web/xss/XSSFilter.java | 6 +-- .../web/xss/XSSMultipartRequestWrapper.java | 45 ++++++++++++++++--- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java b/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java index 058332c0..d36d178b 100644 --- a/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java +++ b/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java @@ -19,9 +19,9 @@ import jakarta.servlet.ServletResponse; import jakarta.servlet.http.HttpServletRequest; -import org.springframework.web.multipart.support.DefaultMultipartHttpServletRequest; +import org.springframework.web.multipart.MultipartHttpServletRequest; -import static org.apache.commons.fileupload2.jakarta.servlet6.JakartaServletFileUpload.isMultipartContent; +import static org.apache.commons.fileupload2.jakarta.JakartaServletFileUpload.isMultipartContent; public class XSSFilter implements Filter { @@ -31,7 +31,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha if (!"GET".equalsIgnoreCase(((HttpServletRequest) request).getMethod())) { if (isMultipartContent((HttpServletRequest) request)) { - request = new XSSMultipartRequestWrapper((DefaultMultipartHttpServletRequest) request); + request = new XSSMultipartRequestWrapper((MultipartHttpServletRequest) request); } else { request = new XSSRequestWrapper((HttpServletRequest) request); } diff --git a/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java b/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java index 4c0bd2f8..d0127a19 100644 --- a/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java +++ b/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java @@ -10,15 +10,21 @@ package org.openmrs.web.xss; import java.util.Enumeration; +import java.util.Iterator; import java.util.List; +import java.util.Map; +import jakarta.servlet.http.HttpServletRequestWrapper; + +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; import org.springframework.util.MultiValueMap; import org.springframework.web.multipart.MultipartFile; -import org.springframework.web.multipart.support.DefaultMultipartHttpServletRequest; +import org.springframework.web.multipart.MultipartHttpServletRequest; -public class XSSMultipartRequestWrapper extends DefaultMultipartHttpServletRequest { +public class XSSMultipartRequestWrapper extends HttpServletRequestWrapper implements MultipartHttpServletRequest { - public XSSMultipartRequestWrapper(DefaultMultipartHttpServletRequest request) { + public XSSMultipartRequestWrapper(MultipartHttpServletRequest request) { super(request); } @@ -50,9 +56,13 @@ public String[] getParameterValues(String name) { return encodedValues; } + public MultipartHttpServletRequest getRequest() { + return (MultipartHttpServletRequest) super.getRequest(); + } + @Override - public DefaultMultipartHttpServletRequest getRequest() { - return (DefaultMultipartHttpServletRequest) super.getRequest(); + public Iterator getFileNames() { + return getRequest().getFileNames(); } @Override @@ -74,4 +84,29 @@ public Enumeration getParameterNames() { public List getFiles(String name) { return getRequest().getFiles(name); } + + @Override + public Map getFileMap() { + return getRequest().getFileMap(); + } + + @Override + public String getMultipartContentType(String paramOrFileName) { + return getRequest().getMultipartContentType(paramOrFileName); + } + + @Override + public HttpHeaders getMultipartHeaders(String paramOrFileName) { + return getRequest().getMultipartHeaders(paramOrFileName); + } + + @Override + public HttpHeaders getRequestHeaders() { + return getRequest().getRequestHeaders(); + } + + @Override + public HttpMethod getRequestMethod() { + return getRequest().getRequestMethod(); + } } From 8e208db4d0dedefdf6419b78dc562994b1665883 Mon Sep 17 00:00:00 2001 From: sudhanshu_raj Date: Thu, 5 Mar 2026 10:32:23 +0530 Subject: [PATCH 2/3] LUI-209:Fixed import line and removed not needed function --- omod/src/main/java/org/openmrs/web/xss/XSSFilter.java | 2 +- .../org/openmrs/web/xss/XSSMultipartRequestWrapper.java | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java b/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java index d36d178b..0222cb0e 100644 --- a/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java +++ b/omod/src/main/java/org/openmrs/web/xss/XSSFilter.java @@ -21,7 +21,7 @@ import org.springframework.web.multipart.MultipartHttpServletRequest; -import static org.apache.commons.fileupload2.jakarta.JakartaServletFileUpload.isMultipartContent; +import static org.apache.commons.fileupload2.jakarta.servlet6.JakartaServletFileUpload.isMultipartContent; public class XSSFilter implements Filter { diff --git a/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java b/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java index d0127a19..4a217f2f 100644 --- a/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java +++ b/omod/src/main/java/org/openmrs/web/xss/XSSMultipartRequestWrapper.java @@ -74,11 +74,7 @@ public MultipartFile getFile(String name) { public MultiValueMap getMultiFileMap() { return getRequest().getMultiFileMap(); } - - @Override - public Enumeration getParameterNames() { - return getRequest().getParameterNames(); - } + @Override public List getFiles(String name) { From 19ddb1a4c84cc3b4555d0e44cb32091cfcfcef5c Mon Sep 17 00:00:00 2001 From: sudhanshu_raj Date: Sat, 7 Mar 2026 11:16:00 +0530 Subject: [PATCH 3/3] Added parameter configuration --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index 5674780c..129286d7 100644 --- a/pom.xml +++ b/pom.xml @@ -155,6 +155,7 @@ ${javaCompilerVersion} ${javaCompilerVersion} ${project.build.sourceEncoding} + true