commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebastian Beigel (JIRA)" <j...@apache.org>
Subject [jira] Created: (FILEUPLOAD-122) Filename may contain a full path
Date Wed, 13 Dec 2006 15:34:21 GMT
Filename may contain a full path
--------------------------------

                 Key: FILEUPLOAD-122
                 URL: http://issues.apache.org/jira/browse/FILEUPLOAD-122
             Project: Commons FileUpload
          Issue Type: Bug
    Affects Versions: 1.1.1
            Reporter: Sebastian Beigel
            Priority: Blocker


The filename extracted from the content disposition may contain a full path (i.e. as submitted
by the Internet Explorer for example).

It's is important to check for this and strip the path information accordingly as the upload
fails if you use FileItem#getName() to build your destination path.

I patched the abstract class FileUploadBase#getFileName(...) with a few lines of code inspired
by COS' MultiPartParser :)

Starting on line 447 (after fileName = fileName.trim(); )

                        // The filename may contain a full path.  Cut to just the filename.
                        int slash = Math.max(fileName.lastIndexOf('/'), fileName.lastIndexOf('\\'));
// check for Unix AND Win separator
                        if (slash > -1) {
                          fileName = fileName.substring(slash + 1);  // past last slash
                        }



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message