001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.fileupload.disk;
018
019import static java.lang.String.*;
020
021import java.io.ByteArrayInputStream;
022import java.io.File;
023import java.io.FileInputStream;
024import java.io.FileOutputStream;
025import java.io.IOException;
026import java.io.InputStream;
027import java.io.ObjectInputStream;
028import java.io.ObjectOutputStream;
029import java.io.OutputStream;
030import java.io.UnsupportedEncodingException;
031import java.util.Map;
032import java.util.UUID;
033import java.util.concurrent.atomic.AtomicInteger;
034
035import org.apache.commons.fileupload.FileItem;
036import org.apache.commons.fileupload.FileItemHeaders;
037import org.apache.commons.fileupload.FileUploadException;
038import org.apache.commons.fileupload.ParameterParser;
039import org.apache.commons.fileupload.util.Streams;
040import org.apache.commons.io.FileUtils;
041import org.apache.commons.io.IOUtils;
042import org.apache.commons.io.output.DeferredFileOutputStream;
043
044/**
045 * <p> The default implementation of the
046 * {@link org.apache.commons.fileupload.FileItem FileItem} interface.
047 *
048 * <p> After retrieving an instance of this class from a {@link
049 * DiskFileItemFactory} instance (see
050 * {@link org.apache.commons.fileupload.servlet.ServletFileUpload
051 * #parseRequest(javax.servlet.http.HttpServletRequest)}), you may
052 * either request all contents of file at once using {@link #get()} or
053 * request an {@link java.io.InputStream InputStream} with
054 * {@link #getInputStream()} and process the file without attempting to load
055 * it into memory, which may come handy with large files.
056 *
057 * <p>Temporary files, which are created for file items, should be
058 * deleted later on. The best way to do this is using a
059 * {@link org.apache.commons.io.FileCleaningTracker}, which you can set on the
060 * {@link DiskFileItemFactory}. However, if you do use such a tracker,
061 * then you must consider the following: Temporary files are automatically
062 * deleted as soon as they are no longer needed. (More precisely, when the
063 * corresponding instance of {@link java.io.File} is garbage collected.)
064 * This is done by the so-called reaper thread, which is started and stopped
065 * automatically by the {@link org.apache.commons.io.FileCleaningTracker} when
066 * there are files to be tracked.
067 * It might make sense to terminate that thread, for example, if
068 * your web application ends. See the section on "Resource cleanup"
069 * in the users guide of commons-fileupload.</p>
070 *
071 * @since FileUpload 1.1
072 *
073 * @version $Id: DiskFileItem.java 1743503 2016-05-12 13:39:38Z jochen $
074 */
075public class DiskFileItem
076    implements FileItem {
077
078    // ----------------------------------------------------- Manifest constants
079
080    /**
081     * The UID to use when serializing this instance.
082     */
083    private static final long serialVersionUID = 2237570099615271025L;
084
085    /**
086     * Default content charset to be used when no explicit charset
087     * parameter is provided by the sender. Media subtypes of the
088     * "text" type are defined to have a default charset value of
089     * "ISO-8859-1" when received via HTTP.
090     */
091    public static final String DEFAULT_CHARSET = "ISO-8859-1";
092
093    // ----------------------------------------------------------- Data members
094
095    /**
096     * UID used in unique file name generation.
097     */
098    private static final String UID =
099            UUID.randomUUID().toString().replace('-', '_');
100
101    /**
102     * Counter used in unique identifier generation.
103     */
104    private static final AtomicInteger COUNTER = new AtomicInteger(0);
105
106    /**
107     * The name of the form field as provided by the browser.
108     */
109    private String fieldName;
110
111    /**
112     * The content type passed by the browser, or <code>null</code> if
113     * not defined.
114     */
115    private final String contentType;
116
117    /**
118     * Whether or not this item is a simple form field.
119     */
120    private boolean isFormField;
121
122    /**
123     * The original filename in the user's filesystem.
124     */
125    private final String fileName;
126
127    /**
128     * The size of the item, in bytes. This is used to cache the size when a
129     * file item is moved from its original location.
130     */
131    private long size = -1;
132
133
134    /**
135     * The threshold above which uploads will be stored on disk.
136     */
137    private final int sizeThreshold;
138
139    /**
140     * The directory in which uploaded files will be stored, if stored on disk.
141     */
142    private final File repository;
143
144    /**
145     * Cached contents of the file.
146     */
147    private byte[] cachedContent;
148
149    /**
150     * Output stream for this item.
151     */
152    private transient DeferredFileOutputStream dfos;
153
154    /**
155     * The temporary file to use.
156     */
157    private transient File tempFile;
158
159    /**
160     * File to allow for serialization of the content of this item.
161     */
162    private File dfosFile;
163
164    /**
165     * The file items headers.
166     */
167    private FileItemHeaders headers;
168
169    // ----------------------------------------------------------- Constructors
170
171    /**
172     * Constructs a new <code>DiskFileItem</code> instance.
173     *
174     * @param fieldName     The name of the form field.
175     * @param contentType   The content type passed by the browser or
176     *                      <code>null</code> if not specified.
177     * @param isFormField   Whether or not this item is a plain form field, as
178     *                      opposed to a file upload.
179     * @param fileName      The original filename in the user's filesystem, or
180     *                      <code>null</code> if not specified.
181     * @param sizeThreshold The threshold, in bytes, below which items will be
182     *                      retained in memory and above which they will be
183     *                      stored as a file.
184     * @param repository    The data repository, which is the directory in
185     *                      which files will be created, should the item size
186     *                      exceed the threshold.
187     */
188    public DiskFileItem(String fieldName,
189            String contentType, boolean isFormField, String fileName,
190            int sizeThreshold, File repository) {
191        this.fieldName = fieldName;
192        this.contentType = contentType;
193        this.isFormField = isFormField;
194        this.fileName = fileName;
195        this.sizeThreshold = sizeThreshold;
196        this.repository = repository;
197    }
198
199    // ------------------------------- Methods from javax.activation.DataSource
200
201    /**
202     * Returns an {@link java.io.InputStream InputStream} that can be
203     * used to retrieve the contents of the file.
204     *
205     * @return An {@link java.io.InputStream InputStream} that can be
206     *         used to retrieve the contents of the file.
207     *
208     * @throws IOException if an error occurs.
209     */
210    public InputStream getInputStream()
211        throws IOException {
212        if (!isInMemory()) {
213            return new FileInputStream(dfos.getFile());
214        }
215
216        if (cachedContent == null) {
217            cachedContent = dfos.getData();
218        }
219        return new ByteArrayInputStream(cachedContent);
220    }
221
222    /**
223     * Returns the content type passed by the agent or <code>null</code> if
224     * not defined.
225     *
226     * @return The content type passed by the agent or <code>null</code> if
227     *         not defined.
228     */
229    public String getContentType() {
230        return contentType;
231    }
232
233    /**
234     * Returns the content charset passed by the agent or <code>null</code> if
235     * not defined.
236     *
237     * @return The content charset passed by the agent or <code>null</code> if
238     *         not defined.
239     */
240    public String getCharSet() {
241        ParameterParser parser = new ParameterParser();
242        parser.setLowerCaseNames(true);
243        // Parameter parser can handle null input
244        Map<String, String> params = parser.parse(getContentType(), ';');
245        return params.get("charset");
246    }
247
248    /**
249     * Returns the original filename in the client's filesystem.
250     *
251     * @return The original filename in the client's filesystem.
252     * @throws org.apache.commons.fileupload.InvalidFileNameException The file name contains a NUL character,
253     *   which might be an indicator of a security attack. If you intend to
254     *   use the file name anyways, catch the exception and use
255     *   {@link org.apache.commons.fileupload.InvalidFileNameException#getName()}.
256     */
257    public String getName() {
258        return Streams.checkFileName(fileName);
259    }
260
261    // ------------------------------------------------------- FileItem methods
262
263    /**
264     * Provides a hint as to whether or not the file contents will be read
265     * from memory.
266     *
267     * @return <code>true</code> if the file contents will be read
268     *         from memory; <code>false</code> otherwise.
269     */
270    public boolean isInMemory() {
271        if (cachedContent != null) {
272            return true;
273        }
274        return dfos.isInMemory();
275    }
276
277    /**
278     * Returns the size of the file.
279     *
280     * @return The size of the file, in bytes.
281     */
282    public long getSize() {
283        if (size >= 0) {
284            return size;
285        } else if (cachedContent != null) {
286            return cachedContent.length;
287        } else if (dfos.isInMemory()) {
288            return dfos.getData().length;
289        } else {
290            return dfos.getFile().length();
291        }
292    }
293
294    /**
295     * Returns the contents of the file as an array of bytes.  If the
296     * contents of the file were not yet cached in memory, they will be
297     * loaded from the disk storage and cached.
298     *
299     * @return The contents of the file as an array of bytes
300     * or {@code null} if the data cannot be read
301     */
302    public byte[] get() {
303        if (isInMemory()) {
304            if (cachedContent == null && dfos != null) {
305                cachedContent = dfos.getData();
306            }
307            return cachedContent;
308        }
309
310        byte[] fileData = new byte[(int) getSize()];
311        InputStream fis = null;
312
313        try {
314            fis = new FileInputStream(dfos.getFile());
315            IOUtils.readFully(fis, fileData);
316        } catch (IOException e) {
317            fileData = null;
318        } finally {
319            IOUtils.closeQuietly(fis);
320        }
321
322        return fileData;
323    }
324
325    /**
326     * Returns the contents of the file as a String, using the specified
327     * encoding.  This method uses {@link #get()} to retrieve the
328     * contents of the file.
329     *
330     * @param charset The charset to use.
331     *
332     * @return The contents of the file, as a string.
333     *
334     * @throws UnsupportedEncodingException if the requested character
335     *                                      encoding is not available.
336     */
337    public String getString(final String charset)
338        throws UnsupportedEncodingException {
339        return new String(get(), charset);
340    }
341
342    /**
343     * Returns the contents of the file as a String, using the default
344     * character encoding.  This method uses {@link #get()} to retrieve the
345     * contents of the file.
346     *
347     * <b>TODO</b> Consider making this method throw UnsupportedEncodingException.
348     *
349     * @return The contents of the file, as a string.
350     */
351    public String getString() {
352        byte[] rawdata = get();
353        String charset = getCharSet();
354        if (charset == null) {
355            charset = DEFAULT_CHARSET;
356        }
357        try {
358            return new String(rawdata, charset);
359        } catch (UnsupportedEncodingException e) {
360            return new String(rawdata);
361        }
362    }
363
364    /**
365     * A convenience method to write an uploaded item to disk. The client code
366     * is not concerned with whether or not the item is stored in memory, or on
367     * disk in a temporary location. They just want to write the uploaded item
368     * to a file.
369     * <p>
370     * This implementation first attempts to rename the uploaded item to the
371     * specified destination file, if the item was originally written to disk.
372     * Otherwise, the data will be copied to the specified file.
373     * <p>
374     * This method is only guaranteed to work <em>once</em>, the first time it
375     * is invoked for a particular item. This is because, in the event that the
376     * method renames a temporary file, that file will no longer be available
377     * to copy or rename again at a later time.
378     *
379     * @param file The <code>File</code> into which the uploaded item should
380     *             be stored.
381     *
382     * @throws Exception if an error occurs.
383     */
384    public void write(File file) throws Exception {
385        if (isInMemory()) {
386            FileOutputStream fout = null;
387            try {
388                fout = new FileOutputStream(file);
389                fout.write(get());
390                fout.close();
391            } finally {
392                IOUtils.closeQuietly(fout);
393            }
394        } else {
395            File outputFile = getStoreLocation();
396            if (outputFile != null) {
397                // Save the length of the file
398                size = outputFile.length();
399                /*
400                 * The uploaded file is being stored on disk
401                 * in a temporary location so move it to the
402                 * desired file.
403                 */
404                FileUtils.moveFile(outputFile, file);
405            } else {
406                /*
407                 * For whatever reason we cannot write the
408                 * file to disk.
409                 */
410                throw new FileUploadException(
411                    "Cannot write uploaded file to disk!");
412            }
413        }
414    }
415
416    /**
417     * Deletes the underlying storage for a file item, including deleting any
418     * associated temporary disk file. Although this storage will be deleted
419     * automatically when the <code>FileItem</code> instance is garbage
420     * collected, this method can be used to ensure that this is done at an
421     * earlier time, thus preserving system resources.
422     */
423    public void delete() {
424        cachedContent = null;
425        File outputFile = getStoreLocation();
426        if (outputFile != null && outputFile.exists()) {
427            outputFile.delete();
428        }
429    }
430
431    /**
432     * Returns the name of the field in the multipart form corresponding to
433     * this file item.
434     *
435     * @return The name of the form field.
436     *
437     * @see #setFieldName(java.lang.String)
438     *
439     */
440    public String getFieldName() {
441        return fieldName;
442    }
443
444    /**
445     * Sets the field name used to reference this file item.
446     *
447     * @param fieldName The name of the form field.
448     *
449     * @see #getFieldName()
450     *
451     */
452    public void setFieldName(String fieldName) {
453        this.fieldName = fieldName;
454    }
455
456    /**
457     * Determines whether or not a <code>FileItem</code> instance represents
458     * a simple form field.
459     *
460     * @return <code>true</code> if the instance represents a simple form
461     *         field; <code>false</code> if it represents an uploaded file.
462     *
463     * @see #setFormField(boolean)
464     *
465     */
466    public boolean isFormField() {
467        return isFormField;
468    }
469
470    /**
471     * Specifies whether or not a <code>FileItem</code> instance represents
472     * a simple form field.
473     *
474     * @param state <code>true</code> if the instance represents a simple form
475     *              field; <code>false</code> if it represents an uploaded file.
476     *
477     * @see #isFormField()
478     *
479     */
480    public void setFormField(boolean state) {
481        isFormField = state;
482    }
483
484    /**
485     * Returns an {@link java.io.OutputStream OutputStream} that can
486     * be used for storing the contents of the file.
487     *
488     * @return An {@link java.io.OutputStream OutputStream} that can be used
489     *         for storing the contents of the file.
490     *
491     * @throws IOException if an error occurs.
492     */
493    public OutputStream getOutputStream()
494        throws IOException {
495        if (dfos == null) {
496            File outputFile = getTempFile();
497            dfos = new DeferredFileOutputStream(sizeThreshold, outputFile);
498        }
499        return dfos;
500    }
501
502    // --------------------------------------------------------- Public methods
503
504    /**
505     * Returns the {@link java.io.File} object for the <code>FileItem</code>'s
506     * data's temporary location on the disk. Note that for
507     * <code>FileItem</code>s that have their data stored in memory,
508     * this method will return <code>null</code>. When handling large
509     * files, you can use {@link java.io.File#renameTo(java.io.File)} to
510     * move the file to new location without copying the data, if the
511     * source and destination locations reside within the same logical
512     * volume.
513     *
514     * @return The data file, or <code>null</code> if the data is stored in
515     *         memory.
516     */
517    public File getStoreLocation() {
518        if (dfos == null) {
519            return null;
520        }
521        if (isInMemory()) {
522                return null;
523        }
524        return dfos.getFile();
525    }
526
527    // ------------------------------------------------------ Protected methods
528
529    /**
530     * Removes the file contents from the temporary storage.
531     */
532    @Override
533    protected void finalize() {
534        if (dfos == null) {
535            return;
536        }
537        File outputFile = dfos.getFile();
538
539        if (outputFile != null && outputFile.exists()) {
540            outputFile.delete();
541        }
542    }
543
544    /**
545     * Creates and returns a {@link java.io.File File} representing a uniquely
546     * named temporary file in the configured repository path. The lifetime of
547     * the file is tied to the lifetime of the <code>FileItem</code> instance;
548     * the file will be deleted when the instance is garbage collected.
549     * <p>
550     * <b>Note: Subclasses that override this method must ensure that they return the
551     * same File each time.</b>
552     *
553     * @return The {@link java.io.File File} to be used for temporary storage.
554     */
555    protected File getTempFile() {
556        if (tempFile == null) {
557            File tempDir = repository;
558            if (tempDir == null) {
559                tempDir = new File(System.getProperty("java.io.tmpdir"));
560            }
561
562            String tempFileName = format("upload_%s_%s.tmp", UID, getUniqueId());
563
564            tempFile = new File(tempDir, tempFileName);
565        }
566        return tempFile;
567    }
568
569    // -------------------------------------------------------- Private methods
570
571    /**
572     * Returns an identifier that is unique within the class loader used to
573     * load this class, but does not have random-like appearance.
574     *
575     * @return A String with the non-random looking instance identifier.
576     */
577    private static String getUniqueId() {
578        final int limit = 100000000;
579        int current = COUNTER.getAndIncrement();
580        String id = Integer.toString(current);
581
582        // If you manage to get more than 100 million of ids, you'll
583        // start getting ids longer than 8 characters.
584        if (current < limit) {
585            id = ("00000000" + id).substring(id.length());
586        }
587        return id;
588    }
589
590    /**
591     * Returns a string representation of this object.
592     *
593     * @return a string representation of this object.
594     */
595    @Override
596    public String toString() {
597        return format("name=%s, StoreLocation=%s, size=%s bytes, isFormField=%s, FieldName=%s",
598                      getName(), getStoreLocation(), Long.valueOf(getSize()),
599                      Boolean.valueOf(isFormField()), getFieldName());
600    }
601
602    /**
603     * Returns the file item headers.
604     * @return The file items headers.
605     */
606    public FileItemHeaders getHeaders() {
607        return headers;
608    }
609
610    /**
611     * Sets the file item headers.
612     * @param pHeaders The file items headers.
613     */
614    public void setHeaders(FileItemHeaders pHeaders) {
615        headers = pHeaders;
616    }
617
618}