commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Cooper <mart...@apache.org>
Subject Re: [File-Upload] Original file name
Date Sat, 11 Jan 2003 04:57:07 GMT


On Fri, 10 Jan 2003, Andreas Probst wrote:

> Hi all,
>
> the method item.getName() returns the original file name.
> However, with different browsers the name gets send as full path
> or only as the actual name.

This is actually a security issue. Good browsers send only the base file
name, since sending the full path reveals information about the client's
system, which could be used to attempt to hack into it.

> Is there any API to detect, which kind of name is sent? How can
> I extract the actual file name?

Jakarta Struts uses the FileUpload component, and implements a method to
obtain the base file name from the path in the request. Take a look at the
getBaseFileName() method here:

http://cvs.apache.org/viewcvs/jakarta-struts/src/share/org/apache/struts/upload/CommonsMultipartRequestHandler.java?rev=1.6&content-type=text/vnd.viewcvs-markup

--
Martin Cooper


>
> Thanks in advance.
>
> Andreas
>
>
> --
> To unsubscribe, e-mail:   <mailto:commons-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:commons-user-help@jakarta.apache.org>
>
>


Mime
View raw message