OF-2717 / OF-2718: Migrate commons-fileupload for JakartaEE 9 compati…

…bility
igniterealtime · Nov 10, 2023 · f475b01 · f475b01
1 parent fc4e2cd
commit f475b01
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 13 deletions.
diff --git a/xmppserver/pom.xml b/xmppserver/pom.xml
@@ -404,9 +404,9 @@
             <version>2.4.2</version>
         </dependency>
         <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.5</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-fileupload2-jakarta</artifactId>
+            <version>2.0.0-M1</version>
         </dependency>
         <dependency>
             <groupId>org.directwebremoting</groupId>

diff --git a/xmppserver/src/main/webapp/plugin-admin.jsp b/xmppserver/src/main/webapp/plugin-admin.jsp
@@ -15,20 +15,19 @@
   - limitations under the License.
 --%>
 
-<%@ page import="java.io.InputStream,
-                 java.util.List,
-                 org.apache.commons.fileupload.FileItem,
-                 org.apache.commons.fileupload.FileItemFactory,
-                 org.apache.commons.fileupload.FileUploadException,
-                 org.apache.commons.fileupload.disk.DiskFileItemFactory,
-                 org.apache.commons.fileupload.servlet.ServletFileUpload"
-        %>
+<%@ page import="java.io.InputStream" %>
 <%@ page import="org.jivesoftware.openfire.XMPPServer" %>
 <%@ page import="org.jivesoftware.openfire.container.PluginManager" %>
 <%@ page import="org.jivesoftware.openfire.update.UpdateManager" %>
 <%@ page import="org.slf4j.Logger" %>
 <%@ page import="org.slf4j.LoggerFactory" %>
 <%@ page import="org.jivesoftware.util.*" %>
+<%@ page import="org.apache.commons.fileupload2.core.FileItemFactory" %>
+<%@ page import="org.apache.commons.fileupload2.core.DiskFileItemFactory" %>
+<%@ page import="org.apache.commons.fileupload2.core.FileItem" %>
+<%@ page import="org.apache.commons.fileupload2.core.FileUploadException" %>
+<%@ page import="org.apache.commons.fileupload2.jakarta.JakartaServletFileUpload" %>
+<%@ page import="java.util.List" %>
 
 <%@ taglib uri="admin" prefix="admin" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
@@ -100,10 +99,10 @@
         boolean installed = false;
 
         // Create a factory for disk-based file items
-        FileItemFactory factory = new DiskFileItemFactory();
+        FileItemFactory factory = DiskFileItemFactory.builder().get();
 
         // Create a new file upload handler
-        ServletFileUpload upload = new ServletFileUpload(factory);
+        JakartaServletFileUpload upload = new JakartaServletFileUpload(factory);
         // I'm not sure that the file count can exceed 1, but limiting is good practice under CVE-2023-24998
         upload.setFileCountMax(20);