commons-commits mailing list archives

From joc...@apache.org
Subject svn commit: r963625 - /commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
Date Tue, 13 Jul 2010 09:12:54 GMT
Author: jochen
Date: Tue Jul 13 09:12:53 2010
New Revision: 963625

URL: http://svn.apache.org/viewvc?rev=963625&view=rev
Log:
Rewrote comment, due to user feedback.

Modified:
    commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java

Modified: commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
URL: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java?rev=963625&r1=963624&r2=963625&view=diff
==============================================================================
--- commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
(original)
+++ commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
Tue Jul 13 09:12:53 2010
@@ -21,11 +21,11 @@ package org.apache.commons.fileupload;
  * This exception is thrown in case of an invalid file name.
  * A file name is invalid, if it contains a NUL character.
  * Attackers might use this to circumvent security checks:
- * For example, the user might check, whether the file name
- * is "foo.exe\0.png". This file name might pass security
- * checks. OTOH, depending on the underlying C library, it
- * might create a file named "foo.exe", as the NUL character
- * is the string terminator in C.
+ * For example, a malicious user might upload a file with the name
+ * "foo.exe\0.png". This file name might pass security checks (i.e.
+ * checks for the extension ".png"), while, depending on the underlying
+ * C library, it might create a file named "foo.exe", as the NUL
+ * character is the string terminator in C.
  */
 public class InvalidFileNameException extends RuntimeException {
     private static final long serialVersionUID = 7922042602454350470L;


