tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [ win xp and win server 2003 ] tomcat utf8 encoding
Date Thu, 07 Apr 2011 21:15:01 GMT
Christopher Schultz wrote:
... (RFC references) ..

Thanks for that post (with the chain of applicable RFCs).  I will keep that email 
preciously as a resource for future file upload debugging references.
...

Also, to add to the potential OP woes, there is also the fact that some browsers send the
filename, and others send the full path of the file.

> 
> I would hope that the OP was putting these files in some known root, so
> that uploading /etc/passwd wouldn't overwrite /etc/passwd,
(I wrote "> /etc/passwd" as the filename)

> and that file
> permissions wouldn't allow this, either. Also, unlike Perl, having a
> pipe in a filename isn't a problem in Java :)
> 
But it /may/ still be a problem if, after uploading the file and duly writing it into a 
directory, that directory is then later scanned by some separate (non-Java) program or 
script (whatever language it may be written in, even, God forbid, perl) with the purpose 
of actually doing something with these files.

There may be a lot of potential there:

for ff in /mydir/* ; do
   mv "$ff" "/otherdir/${ff}.new"
done
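
An added example, not part of the original message or of Tomcat: one way to keep upload names harmless for a later shell pass is to reduce each client-supplied name to an allowlisted leaf name, and to build the destination path from that checked leaf only. The function names, the allowlist and the directory arguments are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example; function names and directory arguments are hypothetical.
LC_ALL=C; export LC_ALL          # make A-Z, a-z, 0-9 mean ASCII only

# Reduce a client-supplied upload name to a safe leaf name, or fail.
sanitize_upload_name() {
    name=$1
    bs='\'
    # Some browsers send the full client path: keep the last component,
    # treating both "/" and "\" as separators.
    name=${name##*/}
    name=${name##*"$bs"}
    case $name in
        ''|.*|-*) return 1 ;;              # empty, dotfile or "..", option-like
        *[!A-Za-z0-9._-]*) return 1 ;;     # space, >, |, ;, $, newline, ...
    esac
    printf '%s\n' "$name"
}

# Move regular files from $1 to $2 as NAME.new; print how many were left
# behind because their names failed the allowlist.
stage_uploads() {
    src=$1 dst=$2 rejected=0
    for f in "$src"/*; do
        # Skip the unexpanded pattern (empty dir), directories and symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # "$f" still carries the source directory; use only the checked leaf.
        leaf=$(sanitize_upload_name "$f") || { rejected=$((rejected + 1)); continue; }
        mv -- "$f" "$dst/$leaf.new"
    done
    printf '%s\n' "$rejected"
}

# Constructed sample names, including the one quoted in the message.
for sample in 'C:\Users\me\report.pdf' '> /etc/passwd' 'a|b.txt' '-rf'; do
    if leaf=$(sanitize_upload_name "$sample"); then
        printf 'accept as %s\n' "$leaf"
    else
        printf 'reject\n'
    fi
done
```

Applying the same check at upload time, before the file is written, means the downstream pass never has to reject anything; files it does reject stay in the source directory for inspection.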

