commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Probst" <andpr...@gmx.net>
Subject Re: [File-Upload] Original file name
Date Sat, 11 Jan 2003 10:51:17 GMT
Hi Martin,

thank you very much. I wonder whether the implementation is 
platform independent?

    // First, ask the JDK for the base file name.
    String fileName = new File(filePath).getName();

What happens, if a Unix path is put here on Windows system or 
vice versa? Can the File still be created? 

Do I understand the File api docu right, that calling new 
File(path) translates the path into system independend one?
 
What would File do, if it gets the path c:\halloballo.txt on a 
Unix box?

Unfortunately I can't test it as I have only one machine.

Andreas


On 10 Jan 2003 at 20:57, Martin Cooper wrote:

> 
> 
> On Fri, 10 Jan 2003, Andreas Probst wrote:
> 
> > Hi all,
> >
> > the method item.getName() returns the original file name.
> > However, with different browsers the name gets send as full
> > path or only as the actual name.
> 
> This is actually a security issue. Good browsers send only the
> base file name, since sending the full path reveals information
> about the client's system, which could be used to attempt to hack
> into it.
> 
> > Is there any API to detect, which kind of name is sent? How can
> > I extract the actual file name?
> 
> Jakarta Struts uses the FileUpload component, and implements a
> method to obtain the base file name from the path in the request.
> Take a look at the getBaseFileName() method here:
> 
> http://cvs.apache.org/viewcvs/jakarta-struts/src/share/org/apache
> /struts/upload/CommonsMultipartRequestHandler.java?rev=1.6&conten
> t-type=text/vnd.viewcvs-markup
> 
> --
> Martin Cooper
> 
> 
> >
> > Thanks in advance.
> >
> > Andreas
> >
> >


Mime
View raw message